Category:   Application (E-mail Client)  >   Microsoft Outlook
Vendors:   Microsoft
Microsoft Outlook S/MIME Certificate Handling Flaw Lets Remote Users Obtain Potentially Sensitive Information
SecurityTracker Alert ID:  1029328
SecurityTracker URL:  http://securitytracker.com/id/1029328
CVE Reference:   CVE-2013-3905
Date:  Nov 12 2013
Impact:   Disclosure of system information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 2007 SP3, 2010 SP1, 2010 SP2, 2013, 2013 RT
Description:   A vulnerability was reported in Microsoft Outlook. A remote user can obtain potentially sensitive information.

The system does not properly handle the expansion of S/MIME certificate metadata. A remote user can send an e-mail message with a specially crafted certificate that, when loaded by the target user, will obtain information from the target user's system and network. This may include IP address and open TCP ports.

Alexander Klink of n.runs professionals GmbH reported this vulnerability.

Impact:   A remote user can obtain potentially sensitive information, such as IP addresses and open TCP ports.
Solution:   The vendor has issued the following fixes:

Microsoft Outlook 2007 Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=fd5dc4b5-b188-4420-9d09-faf03507d8d5

Microsoft Outlook 2010 Service Pack 1 (32-bit editions):

http://www.microsoft.com/downloads/details.aspx?familyid=2a3960f0-5094-45b4-9f63-180b991727dc

Microsoft Outlook 2010 Service Pack 2 (32-bit editions):

http://www.microsoft.com/downloads/details.aspx?familyid=2a3960f0-5094-45b4-9f63-180b991727dc

Microsoft Outlook 2010 Service Pack 1 (64-bit editions):

http://www.microsoft.com/downloads/details.aspx?familyid=74e035bb-cdcc-4ea6-a933-b4acd227ce85

Microsoft Outlook 2010 Service Pack 2 (64-bit editions):

http://www.microsoft.com/downloads/details.aspx?familyid=74e035bb-cdcc-4ea6-a933-b4acd227ce85

Microsoft Outlook 2013 (32-bit editions):

http://www.microsoft.com/downloads/details.aspx?familyid=ee644350-f64b-471a-a26b-79701b39a1b3

Microsoft Outlook 2013 (64-bit editions):

http://www.microsoft.com/downloads/details.aspx?familyid=7c83b545-42ed-49d8-980a-8c2ad11e6e3c

A restart may be required.

The Microsoft advisory is available at:

http://technet.microsoft.com/en-us/security/bulletin/ms13-094

Vendor URL:  technet.microsoft.com/en-us/security/bulletin/ms13-094
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.

