VYPR
Medium severity4.3NVD Advisory· Published Sep 14, 2016· Updated Jun 17, 2026

CVE-2016-0138

CVE-2016-0138

Description

Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which allows remote authenticated users to obtain sensitive Outlook application information by leveraging the Send As right, aka "Microsoft Exchange Information Disclosure Vulnerability."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

8
  • cpe:2.3:a:microsoft:exchange_server:2007:sp3:*:*:*:*:*:*+ 7 more
    • cpe:2.3:a:microsoft:exchange_server:2007:sp3:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:exchange_server:2010:sp3:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_12:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_13:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:exchange_server:2013:sp1:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_1:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_2:*:*:*:*:*:*
    • (no CPE)range: 2007 SP3, 2010 SP3, 2013 SP1, 2013 CU12, 2013 CU13, 2016 CU1, 2016 CU2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.