CVE-2013-3905

Microsoft Outlook 2007 SP3, 2010 SP1/SP2, 2013 - Sensitive Information Exposure via S/MIME Certificate Metadata

Title source: llm
STIX 2.1

Description

Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT does not properly expand metadata contained in S/MIME certificates, which allows remote attackers to obtain sensitive network configuration and state information via a crafted certificate in an e-mail message, aka "S/MIME AIA Vulnerability."

References (3)

Core 3
Core References
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/ncas/alerts/TA13-317A
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19239

Scores

EPSS 0.1186
EPSS Percentile 95.6%

Details

CWE
CWE-200
Status published
Products (3)
microsoft/outlook 2007 sp3
microsoft/outlook 2010 sp1 (4 CPE variants)
microsoft/outlook 2013 (3 CPE variants)
Published Nov 13, 2013
Tracked Since Feb 18, 2026