Microsoft Outlook for Android Open to XSS Attacks (Patched)

LASER_oneXM

A spoofing bug (CVE-2019-1105) can open the door to an email attack chain.

Microsoft has patched a vulnerability in Microsoft Outlook for Android, which opens the door to cross-site scripting (XSS) attacks.
The software giant said that CVE-2019-1105, rated “important,” is a spoofing vulnerability that exists in the way Microsoft Outlook for Android software parses specifically crafted email messages.
“An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim,” according to Microsoft’s Thursday advisory. “The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user.”