CVE-2019-1084
CVE-2019-1084
An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka 'Microsoft Exchange Information Disclosure Vulnerability'.
Affected products
Microsoft · Mail and CalendarMicrosoft · Microsoft Exchange ServerMicrosoft · Microsoft Exchange Server 2013Microsoft · Microsoft Exchange Server 2016Microsoft · Microsoft Exchange Server 2019Microsoft · Microsoft LyncMicrosoft · Microsoft Lync BasicMicrosoft · Microsoft OfficeMicrosoft · Microsoft OutlookMicrosoft · Microsoft Outlook for AndroidMicrosoft · Office 365 ProPlusMicrosoft · Outlook for iOSMicrosoft · Skype for BusinessMicrosoft · Skype for Business BasicWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →