Information Disclosure in Microsoft Exchange Server 2013 and 2016
CVE-2016-0028

5.5MEDIUM

Key Information:

Vendor: Microsoft
Status: Outlook Web Access
Vendor: CVE Published:; 16 June 2016

Summary

The vulnerability in Outlook Web Access (OWA) allows attackers to craft malicious HTML e-mail messages that can manipulate IMG elements, making it possible to track users without their consent. This exploitation could lead to unauthorized information disclosure, posing risks to user privacy and data security.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securitytracker.com/id/1036106

vdb-entryx_refsource_SECTRACK

EPSS Score

21% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 16, 2016
Vulnerability Reserved
Dec 4, 2015