CVE-2013-3905Sensitive Information Exposure in Microsoft Outlook

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
14.7%
top 5.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Outlook
Timeline
PublishedNov 13
Latest updateMay 13

Description

Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT does not properly expand metadata contained in S/MIME certificates, which allows remote attackers to obtain sensitive network configuration and state information via a crafted certificate in an e-mail message, aka "S/MIME AIA Vulnerability."

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDmicrosoft/outlook2007, 2010, 2013+2

🔴Vulnerability Details

2
GHSA
GHSA-6qr8-95p4-28hw: Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT does not properly expand metadata contained in S/MIME certificates, which allows remot2022-05-13
CVEList
CVE-2013-3905: Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT does not properly expand metadata contained in S/MIME certificates, which allows remot2013-11-13
CVE-2013-3905 — Sensitive Information Exposure | cvebase