Rule Category

FILE-OFFICE -- Snort detected traffic targeting vulnerabilities in files belonging to the Microsoft Office suite of software (Excel, PowerPoint, Word, Visio, Access, Outlook, etc.).

Alert Message

FILE-OFFICE Microsoft Outlook email rules file memory corruption attempt

Rule Explanation

This event is generated when a memory corruption attempt is detected in Microsoft Outlook rules file. Impact: Attempted User Privilege Gain Details: Ease of Attack:

What To Look For

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

MITRE ATT&CK Framework

Tactic:

Technique:

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

CVE

Additional Links

Rule Vulnerability

CVE Additional Information

CVE-2018-8582
A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8524, CVE-2018-8576.
Details
Severity Base Score8.8
Impact Score5.9 Exploit Score2.8
Confidentiality ImpactHIGH Integrity ImpactHIGH
Availability ImpactHIGH Access Vector
Authentication Ease of Access