CVE-2013-3905

Published Nov 13, 2013

Last updated 3 years ago

CVSS info 5.0

Overview

Description: Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT does not properly expand metadata contained in S/MIME certificates, which allows remote attackers to obtain sensitive network configuration and state information via a crafted certificate in an e-mail message, aka "S/MIME AIA Vulnerability."
Source: secure@microsoft.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:outlook:2007:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B32CD31-398A-4078-8B5B-B39DB9DB9A35"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:outlook:2010:sp1:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "92BC9C1B-12DB-490E-BFFD-EAED658B8613"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:outlook:2010:sp1:*:*:*:x86:*:*",
            "vulnerable": true,
            "matchCriteriaId": "99B1C3FD-27CF-43CD-9F25-1A1ED29E4DA0"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:outlook:2010:sp2:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "61826B69-4D5C-46DD-9F55-21A7C09A2819"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:outlook:2010:sp2:*:*:*:x86:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D8C49EA-7FF2-4393-A05A-ED3AD4796CD5"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:outlook:2013:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3CD3770E-9513-43B2-BC9E-0CA3F63D59FB"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:outlook:2013:-:-:*:-:-:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "E7A98A6A-4A31-434D-A52E-3D6D87F97ECF"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:outlook:2013:-:-:*:-:-:x86:*",
            "vulnerable": true,
            "matchCriteriaId": "6C13DD94-5F9A-4700-A170-28C48A78DEF0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References