Microsoft Exchange CVE-2019-1084 Information Disclosure Vulnerability

Description

An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients.
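One way to audit an exported list of display names for the condition described above, as an added example (not Microsoft's validation logic and not code from this advisory). The set of Unicode categories treated as non-printable, the function names and the sample names are assumptions constructed for illustration.

```python
import unicodedata

# Assumption: categories this audit treats as "non-printable".
# Cc control, Cf format (zero-width, bidi overrides), Cs surrogate,
# Co private use, Cn unassigned, Zl/Zp line and paragraph separators.
SUSPECT_CATEGORIES = {"Cc", "Cf", "Cs", "Co", "Cn", "Zl", "Zp"}

def is_suspect(ch):
    """True if ch renders as nothing or as unexpected whitespace."""
    cat = unicodedata.category(ch)
    # Space separators other than U+0020 (e.g. U+00A0) are flagged for review.
    return cat in SUSPECT_CATEGORIES or (cat == "Zs" and ch != " ")

def audit_display_name(name):
    """Return (findings, invisible) for one display name."""
    findings = [
        (i, f"U+{ord(ch):04X}", unicodedata.category(ch))
        for i, ch in enumerate(name)
        if is_suspect(ch)
    ]
    # A name with no drawable character shows up as blank in a recipient list.
    invisible = all(is_suspect(ch) or ch == " " for ch in name)
    return findings, invisible

def escape_for_review(name):
    """Make suspect characters visible to the person reviewing the report."""
    return "".join(f"<U+{ord(c):04X}>" if is_suspect(c) else c for c in name)

# Constructed sample input, standing in for an export of directory display names.
SAMPLE_NAMES = [
    "Alice Example",        # clean
    "\u200b\u200b",         # zero-width spaces only
    "Bob\u202eExample",     # embedded bidi override
    "",                     # empty
    "Carol\u00a0Example",   # no-break space
]

def audit_all(names):
    """Return (escaped_name, invisible, findings) for every name needing review."""
    report = []
    for name in names:
        findings, invisible = audit_display_name(name)
        if findings or invisible:
            report.append((escape_for_review(name), invisible, findings))
    return report

if __name__ == "__main__":
    for escaped, invisible, findings in audit_all(SAMPLE_NAMES):
        print(f"{escaped!r} invisible={invisible} findings={findings}")
```

Because the category lookup depends on the Unicode version bundled with the Python runtime, recently assigned characters can be reported as unassigned (Cn); treat the output as a review list rather than a verdict.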

Affected Applications

Microsoft Outlook 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2016 x86
Microsoft Office 2016 x64
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2019 for 64-bit editions
Microsoft Outlook 2016 x86
Skype for Business 2016 Basic (64-bit)
Microsoft Outlook 2016 x64
Microsoft Lync 2013 Service Pack 1 (32-bit)
Microsoft Exchange Server 2016 Cumulative Update 13
Microsoft Exchange Server 2016 Cumulative Update 12
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Skype for Business 2016 Basic (32-bit)
Microsoft Outlook 2013 Service Pack 1 (32-bit editions)
Microsoft Lync 2013 Service Pack 1 (64-bit)
Office 365 ProPlus for 32-bit Systems
Office 365 ProPlus for 64-bit Systems
Microsoft Office 2019 for Mac
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Outlook 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2016 for Mac
Mail and Calendar
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Skype for Business 2016 (64-bit)
Skype for Business 2016 (32-bit)
Microsoft Outlook for Android
Microsoft Exchange Server 2019 Cumulative Update 2
Microsoft Exchange Server 2019 Cumulative Update 1
Microsoft Lync Basic 2013 Service Pack 1 (32-bit)
Outlook for iOS
Microsoft Office 2019 for 32-bit editions
Microsoft Outlook 2010 Service Pack 2 (32-bit editions)
Microsoft Exchange Server 2010 Service Pack 3
Microsoft Lync Basic 2013 Service Pack 1 (64-bit)

CVE References

CVE-2019-1084