CVE-2019-0559 - OpenCVE

An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Office Outlook Office 365 Proplus

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:office:2019:::::::*
	cpe:2.3:a:microsoft:office_365_proplus:-:::::::*
	cpe:2.3:a:microsoft:outlook:2010:sp2::::::
	cpe:2.3:a:microsoft:outlook:2013:sp1::::::
	cpe:2.3:a:microsoft:outlook:2013:sp1:::rt:::*
	cpe:2.3:a:microsoft:outlook:2016:::::::*

References

Link	Resource
http://www.securityfocus.com/bid/106397	Third Party Advisory VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0559	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: microsoft

Published: 2019-01-08T21:00:00

Updated: 2019-01-09T10:57:01

Reserved: 2018-11-26T00:00:00

Link: CVE-2019-0559

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-01-08T21:29:01.160

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-0559

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "Microsoft Office", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "2019 for 32-bit editions"}, {"status": "affected", "version": "2019 for 64-bit editions"}]}, {"product": "Office", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "365 ProPlus for 32-bit Systems"}, {"status": "affected", "version": "365 ProPlus for 64-bit Systems"}]}, {"product": "Microsoft Outlook", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "2010 Service Pack 2 (32-bit editions)"}, {"status": "affected", "version": "2010 Service Pack 2 (64-bit editions)"}, {"status": "affected", "version": "2013 RT Service Pack 1"}, {"status": "affected", "version": "2013 Service Pack 1 (32-bit editions)"}, {"status": "affected", "version": "2013 Service Pack 1 (64-bit editions)"}, {"status": "affected", "version": "2016 (32-bit edition)"}, {"status": "affected", "version": "2016 (64-bit edition)"}]}], "datePublic": "2019-01-08T00:00:00", "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages, aka \"Microsoft Outlook Information Disclosure Vulnerability.\" This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook."}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-01-09T10:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "106397", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/106397"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0559"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2019-0559", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Microsoft Office", "version": {"version_data": [{"version_value": "2019 for 32-bit editions"}, {"version_value": "2019 for 64-bit editions"}]}}, {"product_name": "Office", "version": {"version_data": [{"version_value": "365 ProPlus for 32-bit Systems"}, {"version_value": "365 ProPlus for 64-bit Systems"}]}}, {"product_name": "Microsoft Outlook", "version": {"version_data": [{"version_value": "2010 Service Pack 2 (32-bit editions)"}, {"version_value": "2010 Service Pack 2 (64-bit editions)"}, {"version_value": "2013 RT Service Pack 1"}, {"version_value": "2013 Service Pack 1 (32-bit editions)"}, {"version_value": "2013 Service Pack 1 (64-bit editions)"}, {"version_value": "2016 (32-bit edition)"}, {"version_value": "2016 (64-bit edition)"}]}}]}, "vendor_name": "Microsoft"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages, aka \"Microsoft Outlook Information Disclosure Vulnerability.\" This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "106397", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106397"}, {"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0559", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0559"}]}}}}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2019-0559", "datePublished": "2019-01-08T21:00:00", "dateReserved": "2018-11-26T00:00:00", "dateUpdated": "2019-01-09T10:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", "matchCriteriaId": "FF177984-A906-43FA-BF60-298133FBBD6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_365_proplus:-:*:*:*:*:*:*:*", "matchCriteriaId": "CA035812-F35A-43F1-9A8D-EE02201AA10A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:outlook:2010:sp2:*:*:*:*:*:*", "matchCriteriaId": "F9A115C1-45EB-4688-AD7C-C1854850EE9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:*:*:*:*", "matchCriteriaId": "D7B6DF1E-0DDA-4809-B216-7CEFE0A53E2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:rt:*:*:*", "matchCriteriaId": "DDA98A76-D0D1-4BFA-BEAC-1C2313F7B859", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:*", "matchCriteriaId": "E2B1657C-0FF4-461A-BE2A-641275C4B0A0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages, aka \"Microsoft Outlook Information Disclosure Vulnerability.\" This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook."}, {"lang": "es", "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n cuando Microsoft Outlook gestiona incorrectamente determinados tipos de mensajes. Esto tambi\u00e9n se conoce como \"Microsoft Outlook Information Disclosure Vulnerability.\" Esto afecta a Office 365 ProPlus, Microsoft Office y Microsoft Outlook."}], "id": "CVE-2019-0559", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-01-08T21:29:01.160", "references": [{"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106397"}, {"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0559"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}