Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Microsoft Office Outlook for Mac vulnerability could allow information disclosure


Report ID: MS201303006
Date Published: 13 March 2013

Criticality: Important
Compromise Type: information-disclosure
Compromise From: remote


Affected Product/Component:

Microsoft Office for Mac 2008
Microsoft Office for Mac 2010




Summary

A vulnerability in Microsoft Outlook for Mac could allow an attacker to confirm that a targeted email account is valid and the email that he sent to the target has been read.



Detailed Description

Microsoft has issued a security update for Microsoft Outlook for Mac to address a reported vulnerability that could disclose private information to the attacker. The vulnerability existed when a user previews or read an email message and Outlook for Mac allows the content from a remote server to be loaded without user interaction. Upon successful exploitation, the attacker could be able to confirm that a targeted email account is valid and the email that he sent to the target has been read.

The latest security update has resolved this issue by ensuring that Outlook for Mac does not download content from external source without the user's consent. As a protection from possible exploit attemtps, users are recommended to install the latest update onto their system.



CVE Reference

CVE-2013-0095



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-026)



Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.