Microsoft Office Outlook for Mac vulnerability could allow information disclosure
Report ID: MS201303006
Date Published: 13 March 2013
Criticality: Important
Compromise Type: information-disclosure
Compromise From: remote
Affected Product/Component:
Microsoft Office for Mac 2008
Microsoft Office for Mac 2010
Summary
A vulnerability in Microsoft Outlook for Mac could allow an attacker to confirm that a targeted email account is valid and the email that he sent to the target has been read.
Detailed Description
Microsoft has issued a security update for Microsoft Outlook for Mac to address a reported vulnerability that could disclose private information to the attacker. The vulnerability existed when a user previews or read an email message and Outlook for Mac allows the content from a remote server to be loaded without user interaction. Upon successful exploitation, the attacker could be able to confirm that a targeted email account is valid and the email that he sent to the target has been read.
The latest security update has resolved this issue by ensuring that Outlook for Mac does not download content from external source without the user's consent. As a protection from possible exploit attemtps, users are recommended to install the latest update onto their system.
CVE Reference
CVE-2013-0095
Solution
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-026)
F-Secure Health Check
F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.
