CVE-2019-1084

CVE Database · CVE-2019-1084

CVE-2019-1084

· N/AModified

CVSS v3.1

N/A

EPSS

5.33%

Published

Jul 15, 2019

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka 'Microsoft Exchange Information Disclosure Vulnerability'.

Weaknesses (CWE)

CWE-200

Affected Products (22)

microsoft · exchange_servervulnerable

microsoft · lyncvulnerable

microsoft · lync_basicvulnerable

microsoft · mail_and_calendarvulnerable

microsoft · officevulnerable

References (2)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1084

PatchVendor Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1084

PatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs