(MS13-094) Vulnerability in Microsoft Outlook Could Allow Information Disclosure (2894514)

  Severity: HIGH
  CVE Identifier: CVE-2013-3905
  Advisory Date: NOV 21, 2013

  DESCRIPTION

This security update resolves a publicly disclosed vulnerability in Microsoft Outlook. The vulnerability could allow information disclosure if a user opens or previews a specially crafted email message using an affected edition of Microsoft Outlook. An attacker who successfully exploited this vulnerability could ascertain system information, such as the IP address and open TCP ports, from the target system and other systems that share the network with the target system.

  SOLUTION

  AFFECTED SOFTWARE AND VERSION

  • Microsoft Office 2007 Service Pack 3
  • Microsoft Office 2010 Service Pack 1 (32-bit editions)
  • Microsoft Office 2010 Service Pack 2 (32-bit editions)
  • Microsoft Office 2010 Service Pack 1 (64-bit editions)
  • Microsoft Office 2010 Service Pack 2 (64-bit editions)
  • Microsoft Office 2013 (32-bit editions)
  • Microsoft Office 2013 (64-bit editions)
  • Microsoft Office 2013 RT

Featured Stories