Jul 2019:
CVE-2019-1084 Published on July 15, 2019

An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka 'Microsoft Exchange Information Disclosure Vulnerability'.

NVD

Products Associated with CVE-2019-1084

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-1084 are published in these products:

Microsoft Exchange Server

Microsoft Lync

Microsoft Lync Basic

Microsoft Mail And Calendar

Microsoft Office

Microsoft Office 365 Proplus

Microsoft Outlook

Microsoft Skype For Business

Microsoft Skype For Business Basic

Microsoft Exchange Server 2016

Microsoft Exchange Server 2019

Affected Versions

Microsoft Exchange Server:

Version 2010 Service Pack 3 is affected.

Microsoft Outlook:

Version 2010 Service Pack 2 (32-bit editions) is affected.
Version 2010 Service Pack 2 (64-bit editions) is affected.
Version 2016 (32-bit edition) is affected.
Version 2016 (64-bit edition) is affected.
Version 2013 Service Pack 1 (32-bit editions) is affected.
Version 2013 Service Pack 1 (64-bit editions) is affected.

Microsoft Office:

Version 2013 Service Pack 1 (32-bit editions) is affected.
Version 2013 Service Pack 1 (64-bit editions) is affected.
Version 2013 RT Service Pack 1 is affected.
Version 2016 for Mac is affected.
Version 2016 (32-bit edition) is affected.
Version 2016 (64-bit edition) is affected.
Version 2019 for 32-bit editions is affected.
Version 2019 for 64-bit editions is affected.
Version 2019 for Mac is affected.

Microsoft Lync:

Version 2013 Service Pack 1 (32-bit) is affected.
Version 2013 Service Pack 1 (64-bit) is affected.

Microsoft Lync Basic:

Version 2013 Service Pack 1 (32-bit) is affected.
Version 2013 Service Pack 1 (64-bit) is affected.

Microsoft Outlook for Android:

Version unspecified is affected.

Microsoft Skype for Business:

Version 2016 (32-bit) is affected.
Version 2016 (64-bit) is affected.

Microsoft Skype for Business Basic:

Version 2016 (32-bit) is affected.
Version 2016 (64-bit) is affected.

Microsoft Office 365 ProPlus:

Version 32-bit Systems is affected.
Version 64-bit Systems is affected.

Microsoft Exchange Server 2016:

Version Cumulative Update 12 is affected.
Version Cumulative Update 13 is affected.

Microsoft Exchange Server 2019:

Version Cumulative Update 1 is affected.
Version Cumulative Update 2 is affected.

Microsoft Exchange Server 2013:

Version Cumulative Update 23 is affected.

Microsoft Mail and Calendar:

Version unspecified is affected.

Microsoft Outlook for iOS:

Version unspecified is affected.

Exploit Probability

EPSS

9.03%

Percentile

92.47%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Jul 2019: CVE-2019-1084 Published on July 15, 2019

Products Associated with CVE-2019-1084

Affected Versions

Exploit Probability

Jul 2019:
CVE-2019-1084 Published on July 15, 2019