← Back

CVE-2013-3905

nvd nist
Published: Nov 13, 2013Modified: Apr 29, 2026

JSON object

Loading...
5.0
Vector
AV:N/AC:L/Au:N/C:P/I:N/A:N
Exploitability: 10.0 / Impact: 2.9
Source: NVD

Description

Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT does not properly expand metadata contained in S/MIME certificates, which allows remote attackers to obtain sensitive network configuration and state information via a crafted certificate in an e-mail message, aka "S/MIME AIA Vulnerability."

Affected (8)

Products: Microsoft: Outlook
Microsoft
1 product
Outlook
Configuration A
8 vulnerable
Vulnerable SoftwareAffected Versions
Microsoft
Outlook
Version 2007 sp3
Outlook
Version 2010 sp1
Outlook
Version 2010 sp1
Outlook
Version 2010 sp2
Outlook
Version 2010 sp2
Outlook
Version 2013
Outlook
Version 2013
Outlook
Version 2013

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

Source: secure@microsoft.com
US Government Resource
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.