 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.812075 |
| Category: | Windows |
| Title: | Microsoft Outlook 'Dynamic Data Exchange (DDE)' Attacks Security Advisory (4053440) |
| Summary: | This host is missing an important security; update according to Microsoft Security Advisory 4053440. |
| Description: | Summary: This host is missing an important security update according to Microsoft Security Advisory 4053440. Vulnerability Insight: The flaw exists as the Microsoft Office provides several methods for transferring data between applications and the 'DDE' protocol is one such set of messages and guidelines. It sends messages between applications that share data, and uses shared memory to exchange data between applications. Applications can use the DDE protocol for one-time data transfers and for continuous exchanges in which applications send updates to one another as new data becomes available. Vulnerability Impact: Successful exploitation will allow remote attackers to perform code execution on the targeted device. Affected Software/OS: - Microsoft Outlook 2016 - Microsoft Outlook 2013 - Microsoft Outlook 2010 - Microsoft Outlook 2007 Solution: Disable the DDE feature via the registry editor or user interface as given in advisory. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C |
| Copyright | Copyright (C) 2017 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |