| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS13-094 | Vulnerability in Microsoft Outlook Could Allow Information Disclosure (2894514) | Microsoft Office | Important | 13-11-2013 |
Technical Information
Brief overview of the risk:
The vulnerability could allow information disclosure if a user opens or previews a specially crafted email message using an affected edition of Microsoft Outlook. An attacker who successfully exploited this vulnerability could ascertain system information, such as the IP address and open TCP ports, from the target system and other systems that share the network with the target system.
Detailed Information on the risk:
An information disclosure vulnerability exists when Microsoft Outlook does not properly handle the expansion of S/MIME certificate metadata. An attacker who successfully exploited this vulnerability could ascertain system information, such as the IP address and open TCP ports, from the target system and other systems that share the network with the target system.
Further information on this exploit is available at : MS13-094
Affected Software
Microsoft Office 2007Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2013 RT