The memory corruption flaw CVE-2017-8663 requires a user to open a specially crafted file with an affected version of Microsoft Outlook. It could be exploited in an email attack scenario by sending a specially crafted file to the user and then convincing the user to open the file.
The information disclosure flaw CVE-2017-8572 can be exploited if an attacker knew the memory address location where the object was created and then crafted a special document file and convinced the user to open it. Exploitation of the flaws would allow a remote attacker to take control of an affected system.
Neither of the flaws have been publicly exploited and Microsoft hasn’t identified any workarounds or mitigation factors for the bug. Users should update their systems to the latest version to ensure their devices are secure.
This article originally appeared at scmagazineuk.com