CVE-2019-1460 - Outlook for Android Spoofing Vulnerability

    CVE-2019-1460 - Outlook for Android Spoofing Vulnerability

    CVE-2019-1460 - Outlook for Android Spoofing Vulnerability

    Security Vulnerability

    Posted: 20 Nov 2019

    MITRE CVE-2019-1460

    A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim.

    The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user.

    The security update addresses the vulnerability by correcting how Outlook iOS parses specially crafted email messages.

    Exploitability Assessment

    The following table provides an exploitability assessment for this vulnerability at the time of original publication.

    Publicly Disclosed Exploited Latest Software Release Older Software Release Denial of Service
    No No Not Applicable Not Applicable Not Applicable

    Security Updates

    To determine the support life cycle for your software version or edition, see the Microsoft Support Lifecycle.

    Product Platform Article Download Impact Severity Supersedence
    Microsoft Outlook for Android Release Notes Security Update Spoofing Important


    Microsoft has not identified any mitigating factors for this vulnerability.


    Microsoft has not identified any workarounds for this vulnerability.


    Rafael Pablos

    See acknowledgements for more information.


    The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.


    Version Date Description
    1.0 11/19/2019 Information published.

    Brink's Avatar Posted By: Brink
    20 Nov 2019


  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 13:55.
Find Us

Windows 10 Forums