Microsoft Outlook Embedded OLE Object (MS15-131: CVE-2015-6172)
A sandbox bypass vulnerability, known as BadWinMail, exists in Microsoft Outlook. The vulnerability is due to the support provided by Outlook for two file formats that are being parsed automatically by Outlook which does not run under a sandbox and has medium integrity level. A remote attacker ca...