Microsoft Exchange Information Disclosure Vulnerability - CVE-2019-1084ID: oval:org.secpod.oval:def:57245 | Date: (C)2019-07-10 (M)2024-05-03 |
Class: VULNERABILITY | Family: windows |
An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients.
Platform: |
Microsoft Windows Server 2022 |
Microsoft Windows 11 |
Microsoft Windows 7 |
Microsoft Windows 8 |
Microsoft Windows 8.1 |
Microsoft Windows Server 2003 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Vista |
Microsoft Windows 10 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |
Product: |
Microsoft Lync Basic 2013 |
Microsoft Office 2013 |
Microsoft Office 2016 |
Microsoft 365 Apps for Enterprise |
Microsoft Office 2019 |
Microsoft Outlook 2010 |
Microsoft Outlook 2013 |
Microsoft Outlook 2016 |
Skype for Business 2016 |
Microsoft Exchange Server 2016 |
Microsoft Exchange Server 2010 |
Microsoft Exchange Server 2013 |