Vulnerability

(MS13-094) Vulnerability in Microsoft Outlook Could Allow Information Disclosure (2894514)

Publish date: November 21, 2013

CVE-2013-3905

SEVERITY

HIGH

//  ADVISORY DATE

21 NOV 2013


DESCRIPTION

This security update resolves a publicly disclosed vulnerability in Microsoft Outlook. The vulnerability could allow information disclosure if a user opens or previews a specially crafted email message using an affected edition of Microsoft Outlook. An attacker who successfully exploited this vulnerability could ascertain system information, such as the IP address and open TCP ports, from the target system and other systems that share the network with the target system.

SOLUTION

AFFECTED SOFTWARE AND VERSION

  • Microsoft Office 2007 Service Pack 3
  • Microsoft Office 2010 Service Pack 1 (32-bit editions)
  • Microsoft Office 2010 Service Pack 2 (32-bit editions)
  • Microsoft Office 2010 Service Pack 1 (64-bit editions)
  • Microsoft Office 2010 Service Pack 2 (64-bit editions)
  • Microsoft Office 2013 (32-bit editions)
  • Microsoft Office 2013 (64-bit editions)
  • Microsoft Office 2013 RT

Featured Stories

Connect with us on