virus logo FortiClient Vulnerability

Microsoft Exchange CVE-2016-0028 Information Disclosure Vulnerability

description-logoDescription

An email filter bypass exists in the way that Microsoft Exchange parses HTML messages that could allow information disclosure. An attacker who successfully exploited the vulnerability could identify, fingerprint, and track a user online if the user views email messages using Outlook Web Access (OWA). An attacker could also combine this vulnerability with another one, such as a Cross-Site Request Forgery (CSRF), to amplify the attack. To exploit the vulnerability, an attacker could include specially crafted image URLs in OWA messages that could be loaded, without warning or filtering, from the attacker-controlled URL. This callback vector provides an information disclosure tactic used in web beacons and other types of tracking systems. The update corrects the way that Exchange parses HTML messages.

affected-products-logoAffected Applications

Microsoft Exchange Server 2013 Cumulative Update 12
Microsoft Exchange Server 2016
Microsoft Exchange Server 2013 Cumulative Update 11
Microsoft Exchange Server 2016 Cumulative Update 1
Microsoft Exchange Server 2013 Service Pack 1

CVE References

CVE-2016-0028

Other References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2016-0028
ID 55839
Created Dec 11, 2018
Description
Updated		 Dec 21, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Windows
Vendor Microsoft
Patch auto
Application Microsoft Exchange Server 2013 Cumulative Update 12 , Microsoft Exchange Server 2016 , Microsoft Exchange Server 2013 Cumulative Update 11 , Microsoft Exchange Server 2016 Cumulative Update 1 , Microsoft Exchange Server 2013 Service Pack 1