CVE-2019-0559

4 documents4 sources

Severity

6.5MEDIUM

EPSS

25.8%

top 3.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft Office Microsoft Microsoft Outlook Microsoft Office +1 more

Timeline

PublishedJan 8

Latest updateMay 13

Description

An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

▶NVDmicrosoft/outlook2010, 2013, 2016+2

▶CVEListV5microsoft/microsoft_outlook7 versions+6

▶CVEListV5microsoft/office365 ProPlus for 32-bit Systems, 365 ProPlus for 64-bit Systems+1

▶NVDmicrosoft/office2019

▶CVEListV5microsoft/microsoft_office2019 for 32-bit editions, 2019 for 64-bit editions+1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-f368-gpp8-3vwv: An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages, aka "Microsoft Outlook Information↗2022-05-13

▶

CVEList

CVE-2019-0559: An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages, aka "Microsoft Outlook Information↗2019-01-08

▶

📋Vendor Advisories

Microsoft

Microsoft Outlook Information Disclosure Vulnerability↗2019-01-08

▶