CVE-2019-1084

Name of the Vulnerable Software and Affected Versions Microsoft Exchange (affected versions not specified)

Description An information disclosure issue exists due to Microsoft Exchange allowing the creation of entities with Display Names containing non-printable characters. An authenticated attacker could exploit this by creating entities with invalid display names, which remain invisible when added to conversations. The issue is addressed by validating display names upon creation in Microsoft Exchange and correctly rendering invalid display names in Microsoft Outlook clients.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.