Vulnerability in Microsoft Mail And Calendar
CVE-2019-1084
An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid displ…
EPSS: 0.090 (92.8th percentile) — read the EPSS interpretation.
Affected products
- Microsoft Mail And Calendar — versions unspecified
- Microsoft Exchange Server — versions 2010 Service Pack 3
- Microsoft Exchange Server 2013 — versions Cumulative Update 23
- Microsoft Exchange Server 2016 — versions Cumulative Update 12, Cumulative Update 13
- Microsoft Exchange Server 2019 — versions Cumulative Update 1, Cumulative Update 2
- Microsoft Lync — versions 2013 Service Pack 1 (32-bit), 2013 Service Pack 1 (64-bit)
- Microsoft Lync Basic — versions 2013 Service Pack 1 (32-bit), 2013 Service Pack 1 (64-bit)
- Microsoft Office — versions 2013 Service Pack 1 (32-bit editions), 2013 Service Pack 1 (64-bit editions), 2013 RT Service Pack 1
- Microsoft Outlook — versions 2010 Service Pack 2 (32-bit editions), 2010 Service Pack 2 (64-bit editions), 2016 (32-bit edition)
- Microsoft Outlook For Android — versions unspecified
References
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1084 (x_refsource_MISC)