I found an interesting blog post A Deep Analysis of the Microsoft Outlook Vulnerability CVE-2018-8587 about Microsoft Outlook heap buffer overflow vulnerability where is described how Microsoft Outlook can be exploited by using specially crafted mail classification rules file (RWZ).
To reproduce this vulnerability, we need to run Microsoft Outlook, then click “Rules => Manage Rules&Alerts => Options => Import Rules” and select the PoC file which causes Outlook to crash.
In the end they are writing:
Applying this patch is critical since an attacker who successfully exploits this vulnerability could use a specially crafted file to perform actions in the security context of the current user.
But how likely is that someone could exploit this vulnerability? I mean an attacker needs to send this malicious file to a user who needs to actively import this file which exploits this heap buffer overflow bug. It seems to me completely different from such attacks where an attacker sends a malicious PDF document which exploits some vulnerability in Adobe Reader. Here you need to actively hack yourself (similar to self-XSS in web security).
Even Microsoft states:
To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.
So this bug seems to be somewhat useless and very unlikely to exploit?
Such errors generate with Outlook based systems issues are really very frequent for the users. To overcome these errors can take guidance from Mac Outlook Search Not Working that surely fruitful for them.
I have a requirement where I have to update list item in a list fetching values from an e-mail. I have to create a button in the outlook ribbon, clicking on which the values (in key-value pair) should be stored in the sharepoint 2013 list. Cannot use server side coding. It has to be done by client side.
I am specifically asking about Outlook Web Access (browser based Outlook), and not for any other email service or program.
Within Outlook Web Access, is there a way to tell whether or not an email was spoofed? For example, if I receive an email from “firstname.lastname@example.org”, how can I be sure that the email is from “company.com” and not spoofed?
There is an option in Outlook to direct all messages from outside the organization to the junk folder, but I found that this feature is not reliable. Spoofed messages still get through.
As part of a University, I have been assigned a University email. When I access my email through Outlook, and I go on the “People” section, I am able to access a section with all of the contacts in the University.
However, I am able to export as a CSV file only the contacts that I directly add to my contacts list.
The question is: how can I export all of the contacts in the directory without directly adding them to my contacts?
I’m trying to change the “Files” link that SharePoint Group members will see in Outlook. My organization uses this button almost exclusively to access their Shared Document Library files, most of them do not know another way (It’s a work in progress).
Is there a way to change the link location of this Outlook Group “Files” button? I’m trying to direct it to a different SharePoint Document Library.
An image for reference above.
Disclaimer: I’m a novice at SharePoint Online and realize that there are MANY restrictions/changes in this version over others. So if this is yet another thing that I cannot do, I understand. Any work-around is appreciated.
Good afternoon everyone, I have authentication problems in the versions of Outlook 2010 and 2013, because the client account of the error wh… | Read the rest of http://www.webhostingtalk.com/showthread.php?t=1770476&goto=newpost
I’m using this code:
Application oApp = new Application(); MailItem oMailItem = oApp.CreateItem(OlItemType.olMailItem) as MailItem;
When I debug and run it in my machine, it works fine. When I publish it to the server the application is opened but the mailitem isn’t created giving the error:
“Thread was being aborted”
I’m a business user of Office 365, including Outlook. I recently had to replace the main SSD drive in my Mac Pro; I was unable to do a normal Time Machine restore (bombed out halfway through the restore), so instead I did a full reinstall of Mojava (10.14.5) and used the Migration Assistant to restore my entire system.
This seemed to work pretty well, except that I can no longer search for messages in Outlook – every search returns “No Results” almost straight away. I’ve tried the usual advice – rebooted, rebuilt Spotlight index etc, but nothing appears to fix it, and it’s becoming increasingly frustrating. Everything else, including Spotlight search for other things, seems to be working fine.
Before I try deleting and recreating my profile from scratch – which I really don’t want to do – is there anything else I can try to get searching working again?
Hoping this is the right venue to ask this. If not, please feel free to point me in the right direction. That said…
I’m trying to create a nicely formatted signature block for a client who uses Office365 for their company email. I’ve formatted the block using basic html and then viewed it in a web browser. (Nothing fancy, just some text and a company logo. No CSS styles and local style attributes on all DIVs) I then select the block in the browser, copy it to the clip board and then paste it into Outlook.
It appears to strip out any padding I had on the DIVs and also seems to be ignoring or stripping out the formatting on hyperlinks and email addresses. Also, all P tags appear to not have any spacing between them. Had to resort to BR tags to get space between them.
Anyone have some direct experience with this or have knowledge of documentation on what it’s doing to my code?