Microsoft released patches for vulnerabilities affecting Outlook.
None of the flaws have been disclosed and none of them have been exploited in attacks, said Microsoft officials. The security holes end up related to Click-to-Run (C2R), a streaming and virtualization technology used to install Office products.
One of the vulnerabilities, discovered by the Microsoft Office Security Team is a memory corruption that can end up leveraged for remote code execution. The weakness can end up exploited by getting an Outlook user to open a specially crafted file sent to them via email.
An attacker who successfully exploited the vulnerability could take control of an affected system, Microsoft said in its advisory.
Another vulnerability is a security feature bypass issue that exists due to the way Outlook handles input. An attacker can exploit the flaw by tricking the targeted user into opening and interacting with a specially crafted document.
A third hole is an information disclosure issue that exists because Office improperly discloses memory content. An attacker who knows the memory address of the targeted object needs to trick the target into opening a specially crafted file to obtain information that can be useful for accessing the victim’s computer and data.
In mid-July, while not the same as the issues above, Microsoft pulled back three patches it sent out for Outlook vulnerabilities.