Microsoft Outlook Out-of-Bounds Read Vulnerability Leading to Local Remote Code Execution

Vulnerability

An out-of-bounds read vulnerability has been identified in Microsoft Office Outlook. It enables an unauthorized attacker to execute code locally. The vulnerability is present in several versions of Microsoft Outlook, including the 2024 and 2021 LTSC releases, as well as Microsoft 365 Apps for Enterprise. Exploitation requires the user to open a specially crafted file, after which the attacker can execute arbitrary code on the user's machine.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Remediation

Users can apply the security update available through the Microsoft Update Catalog. Instructions for downloading this update can be found on the Microsoft Office Update page.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 10.0
exploitability: 4.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.