Microsoft Outlook Improper Input Validation Leading to Local Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in Microsoft Office Outlook. This issue arises from improper input validation, allowing an authorized attacker to execute code locally. The vulnerability affects several Outlook versions, including Outlook 2016, Office LTSC 2024, Office LTSC 2021, Microsoft 365 Apps for Enterprise, and Outlook 2019.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Remediation

Users can apply the security update available through the Microsoft Update Catalog. For Microsoft 365 Apps for Enterprise, security update instructions can be found on the Microsoft 365 Apps Security Updates page.

Added: Jun 10, 2025, 5:27 PM
Updated: Jun 10, 2025, 5:27 PM

Vulnerability Rating

Custom Algorithm
spread: 8.4
impact: 10.0
exploitability: 3.0
remediation: 7.7
relevance: 0.2
threat: 0.1
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.