CVE-2020-1493: An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached…

medium5.5CVSS 3.1

AVLACLPRNUIRSUCHINAN

An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users. To exploit this vulnerability, an attacker would have to attach a file as a link to an email. The email could then be shared with individuals that should not have access to the files, ignoring the default organizational setting. The security update addresses the vulnerability by correcting how Outlook handles file attachment links.

Affected

17 ranges

Vendor	Product	Version range	Fixed in
microsoft	microsoft_365_apps_for_enterprise	>= 16.0.1 < https://aka.ms/OfficeSecurityReleases	https://aka.ms/OfficeSecurityReleases
microsoft	microsoft_office_2019	>= 19.0.0 < https://aka.ms/OfficeSecurityReleases	https://aka.ms/OfficeSecurityReleases
microsoft	microsoft_outlook_2010_service_pack_2	>= 13.0.0.0 < publication	publication
microsoft	microsoft_outlook_2013_service_pack_1	>= 15.0.0.0 < publication	publication
microsoft	microsoft_outlook_2016	>= 16.0.0.0 < publication	publication
microsoft	office	—	—
microsoft	outlook	—	—
microsoft	outlook	—	—
microsoft	outlook	—	—
msrc	microsoft_365_apps_for_enterprise_for_32-bit_systems	—	—
msrc	microsoft_365_apps_for_enterprise_for_64-bit_systems	—	—
msrc	microsoft_office_2019_for_32-bit_editions	—	—
msrc	microsoft_office_2019_for_64-bit_editions	—	—
msrc	microsoft_outlook_2010_service_pack_2	—	—
msrc	microsoft_outlook_2013_rt_service_pack_1	—	—
msrc	microsoft_outlook_2013_service_pack_1	—	—
msrc	microsoft_outlook_2016	—	—