vulnerability

Microsoft Exchange: CVE-2016-0138: Microsoft Outlook Information Disclosure Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:P/I:N/A:N)	Sep 14, 2016	Aug 10, 2023	Oct 14, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:N/A:N)

Published

Sep 14, 2016

Added

Aug 10, 2023

Modified

Oct 14, 2025

Description

Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which allows remote authenticated users to obtain sensitive Outlook application information by leveraging the Send As right, aka "Microsoft Exchange Information Disclosure Vulnerability."

Solutions

microsoft-exchange-exchange_server_2016_CU1-kb3184736microsoft-exchange-exchange_server_2016_CU2-kb3184736

References

BID-92806
CVE-2016-0138
https://attackerkb.com/topics/CVE-2016-0138
CWE-200
DISA_SEVERITY-Category I
IAVM-2016-A-0247
MS-MS16-108
URL-https://support.microsoft.com/help/3184736

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today