“An attacker who successfully exploited this vulnerability could bypass Outlook’s block list and enable the creation of malicious DLL files,” the company said.
Arbitrary code execution occurs with the privileges of the current user, so, in order to fully control the system, attackers will have to combine it with an elevation of privilege error. The researchers who discovered this vulnerability said they found a second one that will be included in their DEF CON presentation, but not yet deployed.
Attackers have used Outlook vulnerabilities in the wild before, as email is the main source of malware distribution. Even APT teams have used Outlook errors before installing zero clicks.
Source link