Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Microsoft Outlook vulnerability could allow information disclosure


Report ID: MS201311007
Date Published: 13 November 2013

Criticality: Important
Compromise Type: information-disclosure
Compromise From: remote


Affected Product/Component:

Microsoft Outlook 2007
Microsoft Outlook 2010
Microsoft Outlook 2013
Microsoft Outlook 2013 RT




Summary

A vulnerability in Microsoft Outlook could lead to information disclosure, if successfully exploited.



Detailed Description

Microsoft has issued a security update to address a vulnerability reported in Microsoft Outlook. The vulnerability was caused by improper handling of the expansion of S/MIME certificate metadata which may allow the system information to be disclosed.

This issue has been fixed by correcting the way Microsoft Outlook parses S/MIME certificates in email messages. Users are recommended to install the latest update onto their system as a protection measure against exploit attempts.



CVE Reference

CVE-2013-3905



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-094)



Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.