Описание
Microsoft Outlook Information Disclosure Vulnerability
An information disclosure vulnerability exists in the way that Microsoft Exchange Server parses email messages. The vulnerability could allow an attacker to discover confidential user information that is contained in Microsoft Outlook applications.
To exploit the vulnerability, an attacker could use "send as" rights to send a specially crafted message to a user.
The security update addresses the vulnerability by correcting how Microsoft Exchange parses certain unstructured file formats.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Exchange Server 2007 Service Pack 3 | ||
| Microsoft Exchange Server 2010 Service Pack 3 | ||
| Microsoft Exchange Server 2013 Service Pack 1 | ||
| Microsoft Exchange Server 2013 Cumulative Update 12 | ||
| Microsoft Exchange Server 2016 Cumulative Update 1 | ||
| Microsoft Exchange Server 2013 Cumulative Update 13 | ||
| Microsoft Exchange Server 2016 Cumulative Update 2 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
Связанные уязвимости
Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which allows remote authenticated users to obtain sensitive Outlook application information by leveraging the Send As right, aka "Microsoft Exchange Information Disclosure Vulnerability."
Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which allows remote authenticated users to obtain sensitive Outlook application information by leveraging the Send As right, aka "Microsoft Exchange Information Disclosure Vulnerability."
Уязвимость почтового сервера Microsoft Exchange Server, позволяющая нарушителю получить доступ к защищаемой информации приложения Outlook
EPSS