Urgent: CVE‑2017‑3736 – Remote Code Execution in Microsoft Outlook 2013

Vulnerabilities Reporter
A critical vulnerability in Microsoft Outlook 2013 allows attackers to execute arbitrary code via crafted email attachments. Immediate patching is required for all affected systems.

CVE‑2017‑3736 – Outlook 2013 Remote Code Execution

Impact

A malicious email can trigger arbitrary code execution on the victim’s machine. The flaw lies in the handling of OLE objects in Outlook 2013. Attackers can deliver payloads without user interaction.

Affected Products

  • Microsoft Outlook 2013 (All builds)
  • Outlook for Office 365 (2013 version)
  • Windows 7, 8, 8.1, 10 – any with Outlook 2013 installed

CVSS Score

  • Base Score: 9.8 (Critical)
  • Attack Vector: Network
  • Privileges Required: None
  • User Interaction: None

Technical Details

Outlook 2013 parses OLE objects in attachment streams without proper bounds checking. An attacker crafts a malicious OLE stream that exploits a buffer overflow in the OleObject handler. The overflow allows arbitrary code execution with the privileges of the logged‑in user. The vulnerability is present in the msoutl.exe component.

Mitigation Steps

  1. Apply the security update released on 2017‑12‑05. Download from the Microsoft Update Catalog. The KB is KB4018613.
  2. If the update cannot be applied immediately, disable automatic email processing for untrusted attachments by setting the policy: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Security\DisableAttachmentProcessing to 1.
  3. Educate users to avoid opening attachments from unknown senders.
  4. For environments using Exchange, block OLE attachments via Transport Rules.
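As a complement to step 4, the following added example (not part of the original advisory or any Microsoft tooling) shows how a mail gateway or triage script could flag OLE attachments by content rather than by file name. It assumes that "OLE attachment" means a MIME part whose decoded body begins with the OLE2 Compound File Binary signature; the function names and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Signature that opens every OLE2 / Compound File Binary container.
CFB_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")


def find_ole_attachments(raw_message: bytes) -> list:
    """Return one record per MIME leaf part whose decoded body starts with CFB_MAGIC.

    The check ignores the declared Content-Type and file name, because both are
    sender-controlled and cannot be trusted for filtering decisions.
    """
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers have no body of their own
        payload = part.get_payload(decode=True) or b""  # undo base64 / quoted-printable
        if payload.startswith(CFB_MAGIC):
            hits.append({
                "filename": part.get_filename() or "(unnamed)",
                "declared_type": part.get_content_type(),
                "size": len(payload),
            })
    return hits


def build_sample() -> bytes:
    """Constructed message: one OLE header behind a misleading name, one benign file."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("body text")
    msg.add_attachment(CFB_MAGIC + b"\x00" * 504,
                       maintype="image", subtype="png", filename="photo.png")
    msg.add_attachment(b"constructed benign bytes",
                       maintype="application", subtype="octet-stream", filename="notes.bin")
    return msg.as_bytes()


if __name__ == "__main__":
    for hit in find_ole_attachments(build_sample()):
        print("OLE container found:", hit)
```

Signature matching of this kind only sees top-level OLE containers; OLE data wrapped inside other formats needs the corresponding parser in front of it.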

Timeline

  • 2017‑11‑29: CVE discovered and reported to MSRC.
  • 2017‑12‑05: Security update released.
  • 2018‑01‑15: Advisory issued to all customers.

Conclusion

The vulnerability is critical and exploitable without user interaction. Apply the patch immediately. Monitor for any anomalous activity on affected systems.