“An attacker who efficiently exploited this vulnerability might bypass Outlook registry block lists and allow the creation of malicious DLL information,” the company stated.
The arbitrary code execution happens with the privileges of the current user, so, in order to fully take over a system, attackers must combine it with a privilege escalation flaw. The researchers who found this vulnerability claim to have found a second one that will be included in their DEF CON presentation, but which has not been patched yet.
Attackers have exploited Outlook vulnerabilities in the wild before, as email is the primary vector for distributing malware. Even APT groups have exploited Outlook flaws before, including zero-click ones.