Microsoft Outlook Information Disclosure Vulnerability
CVE-2023-36763

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Office 2019; Microsoft 365 Apps For Enterprise; Microsoft Office Ltsc 2021; Microsoft Outlook 2016
Vendor: CVE Published:; 12 September 2023

Summary

The Microsoft Outlook information disclosure vulnerability allows an attacker to access sensitive information within potentially affected Outlook versions, heightening the risk of unauthorized data exposure. This issue arises from improper handling of certain email content, which can be exploited to reveal confidential details intended for exclusive use. Users are advised to implement recommended security updates to mitigate these risks and safeguard their personal and professional data.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Office 2019 32-bit Systems 19.0.0

Microsoft Office LTSC 2021 x64-based Systems 16.0.1

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 12, 2023
Vulnerability Reserved
Jun 27, 2023