#microsoft

Microsoft Office Visio Remote Code Execution Vulnerability.

Microsoft SharePoint Server Spoofing Vulnerability.

Microsoft Office ClickToRun Remote Code Execution Vulnerability.

Microsoft Office Graphics Remote Code Execution Vulnerability.

**Is the Preview Pane an attack vector for this vulnerability?** Yes, the Preview Pane is an attack vector.

**What privileges are required to exploit this vulnerability?** The attacker needs access to an unlocked mobile device to exploit the vulnerability.

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

**How could an attacker exploit this vulnerability?** An authenticated user could send a specially crafted SQL request to a Dynamics GP Web Service and perform remote code execution.

**How could an attacker exploit this vulnerability?** An attacker could send a specially crafted request to a vulnerable Dynamics site and overwrite database contents.

**The CVSS Score says user action is required. What type of user action is required?** An authenticated user would have to visit a specific URL that will create an action for a workflow.