Office 365 Zero-Day Used in Real-World Phishing Campaigns

Discussion in '0-day Release' started by silversurfer, May 8, 2018.

  1. silversurfer

    silversurfer Malware Tester Silver Member

    A new zero-day vulnerability known as baseStriker allows miscreants to send malicious emails that bypass security systems on Office 365 accounts.

    Discovered last week, on May 1, 2018, by security researchers from Avanan, baseStriker is a flaw in how Office 365 servers scan incoming emails.

    At the center of this vulnerability is the < base > HTML tag. This is a seldom used tab, but developers declare it in the < head > section of an HTML document (web page), and its purpose is to establish a base URL for relative links.

    Full Article:
    revC0de and RGiskardR like this.
  2. Google Adsense

Share This Page