CVE-2019-1084
Published: Jul 15, 2019
Modified: Aug 4, 2024
Description
An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka 'Microsoft Exchange Information Disclosure Vulnerability'.
| Vendor | Product | Versions |
|---|---|---|
Microsoft | Microsoft Exchange Server | affected 2010 Service Pack 3 |
Microsoft | Microsoft Outlook | affected 2010 Service Pack 2 (32-bit editions)affected 2010 Service Pack 2 (64-bit editions)affected 2016 (32-bit edition)affected 2016 (64-bit edition)affected 2013 Service Pack 1 (32-bit editions)+1 more versions |
Microsoft | Microsoft Office | affected 2013 Service Pack 1 (32-bit editions)affected 2013 Service Pack 1 (64-bit editions)affected 2013 RT Service Pack 1affected 2016 for Macaffected 2016 (32-bit edition)+4 more versions |
Microsoft | Microsoft Lync | affected 2013 Service Pack 1 (32-bit)affected 2013 Service Pack 1 (64-bit) |
Microsoft | Microsoft Lync Basic | affected 2013 Service Pack 1 (32-bit)affected 2013 Service Pack 1 (64-bit) |
Microsoft | Microsoft Outlook for Android | affected unspecified |
Microsoft | Skype for Business | affected 2016 (32-bit)affected 2016 (64-bit) |
Microsoft | Skype for Business Basic | affected 2016 (32-bit)affected 2016 (64-bit) |
Microsoft | Office 365 ProPlus | affected 32-bit Systemsaffected 64-bit Systems |
Microsoft | Microsoft Exchange Server 2016 | affected Cumulative Update 12affected Cumulative Update 13 |
Microsoft | Microsoft Exchange Server 2019 | affected Cumulative Update 1affected Cumulative Update 2 |
Microsoft | Microsoft Exchange Server 2013 | affected Cumulative Update 23 |
Microsoft | Mail and Calendar | affected unspecified |
Microsoft | Outlook for iOS | affected unspecified |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now