PT-2013-4730 · Microsoft · Outlook

Alexander Klink

Published

2013-11-12

Updated

2021-08-30

CVE-2013-3905

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Microsoft Outlook versions 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT

Description The issue allows remote attackers to obtain sensitive network configuration and state information via a crafted certificate in an e-mail message. An attacker who successfully exploited this issue could ascertain system information, such as the IP address and open TCP ports, from the target system and other systems that share the network with the target system.

Recommendations For Microsoft Outlook versions 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT, at the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2013-3905

Affected Products

Outlook

PT-2013-4730 · Microsoft · Outlook

CVE-2013-3905

Weakness Enumeration

Related Identifiers

Affected Products

References · 6