Unrated severityNVD Advisory· Published Jul 15, 2019· Updated Aug 4, 2024
CVE-2019-1084
CVE-2019-1084
Description
An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka 'Microsoft Exchange Information Disclosure Vulnerability'.
Affected products
15- Microsoft/Mail and Calendarv5Range: unspecified
2010 Service Pack 3+ 3 more
- (no CPE)range: 2010 Service Pack 3
- (no CPE)range: Cumulative Update 23
- (no CPE)range: Cumulative Update 12
- (no CPE)range: Cumulative Update 1
- Range: 2013 Service Pack 1 (32-bit editions)
- Range: unspecified
- Range: 32-bit Systems
- Range: unspecified
- Range: 2016 (32-bit)
- Range: 2016 (32-bit)
Patches
Vulnerability mechanics
References
1- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1084mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.