Unrated severityNVD Advisory· Published Jul 15, 2019· Updated Aug 4, 2024

CVE-2019-1084

Description

An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka 'Microsoft Exchange Information Disclosure Vulnerability'.

Affected products

Microsoft/Mail and Calendarv5
Range: unspecified
Microsoft/Exchange Servercpe-rescue
Range: 2010 Service Pack 3
Microsoft/Microsoft Exchange Server 2013v5
Range: Cumulative Update 23
Microsoft/Microsoft Exchange Server 2016v5
Range: Cumulative Update 12
Microsoft/Microsoft Exchange Server 2019v5
Range: Cumulative Update 1
Microsoft/Microsoft Lyncv5
Range: 2013 Service Pack 1 (32-bit)
Microsoft/Microsoft Lync Basicv5
Range: 2013 Service Pack 1 (32-bit)
Microsoft/Microsoft Office Visiocpe-rescue
Range: 2013 Service Pack 1 (32-bit editions)
Microsoft/Microsoft Outlookv5
Range: 2010 Service Pack 2 (32-bit editions)
Microsoft/Outlook for Androidcpe-rescue
Range: unspecified
Microsoft/Office 365 ProPlusv5
Range: 32-bit Systems
Microsoft/Outlook for iOSv5
Range: unspecified
Microsoft/Skype For Businesscpe-rescue
Range: 2016 (32-bit)
Microsoft/Skype For Business Basiccpe-rescue
Range: 2016 (32-bit)

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1084mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.007
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000