CVE-2017-17689: Sensitive Information Exposure in Microsoft Outlook

Severity: 5.9 MEDIUM (NVD)
EPSS: 0.4% (top 36.48%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: May 16
Latest update: Sep 2

Description

The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.2 | Impact: 3.6

Affected Packages (1 package)

NVD: microsoft/outlook, 4 versions +3

🔴 Vulnerability Details (6)

OSV: kmail vulnerabilities (2025-09-02)
OSV: kdepim vulnerabilities (2025-09-02)
OSV: kf5-messagelib vulnerabilities (2025-09-02)
GHSA: GHSA-xv45-9768-g2mm: The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL (2022-05-13)
OSV: CVE-2017-17689: The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL (2018-05-16)

📋 Vendor Advisories (5)

Ubuntu: PIM Messagelib vulnerabilities (2025-09-02)
Ubuntu: KDE PIM vulnerabilities (2025-09-02)
Ubuntu: KMail vulnerabilities (2025-09-02)
Red Hat: S/MIME: CBC gadget attacks allows to exfiltrate plaintext out of encrypted emails (2018-05-14)
Debian: CVE-2017-17689: evolution - The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadge... (2017)

💬 Community (8)

Bugzilla: CVE-2017-17688 CVE-2017-17689 thunderbird: various flaws [fedora-all] (2018-05-14)
Bugzilla: CVE-2017-17689 S/MIME: CBC gadget attacks allows to exfiltrate plaintext out of encrypted emails (2018-05-14)
Bugzilla: CVE-2017-17688 CVE-2017-17689 trojita: various flaws [fedora-all] (2018-05-14)
Bugzilla: CVE-2017-17688 CVE-2017-17689 thunderbird-enigmail: various flaws [fedora-all] (2018-05-14)
Bugzilla: CVE-2017-17688 CVE-2017-17689 kmail: various flaws [fedora-all] (2018-05-14)