Microsoft Outlook for Android Vulnerable to Cross-Site Scripting

Microsoft Outlook Vulnerability on Android

In June 2019, Microsoft published an advisory on a critical vulnerability found in the Microsoft Outlook Android application. The attack happens when the victim is sent an email with hidden code embedded in it. The code results in a cross-site scripting (XSS) attack on the affected system and can run scripts in the security context of the current user.

Proof-of-concept code has been released and is now available to the public. To defend against this vulnerability, users are urged to update the application. If the application has not updated automatically, it can be updated manually via the Google Play Store.
