vulnerability

Microsoft Exchange: CVE-2016-0138: Microsoft Outlook Information Disclosure Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:P/I:N/A:N)	Sep 14, 2016	Aug 10, 2023	Oct 14, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:N/A:N)

Published

Sep 14, 2016

Added

Aug 10, 2023

Modified

Oct 14, 2025

Description

Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which allows remote authenticated users to obtain sensitive Outlook application information by leveraging the Send As right, aka "Microsoft Exchange Information Disclosure Vulnerability."

Solutions

microsoft-exchange-exchange_server_2016_CU1-kb3184736microsoft-exchange-exchange_server_2016_CU2-kb3184736

References

BID-92806
CVE-2016-0138
https://attackerkb.com/topics/CVE-2016-0138
CWE-200
DISA_SEVERITY-Category I
IAVM-2016-A-0247
MS-MS16-108
https://support.microsoft.com/help/3184736

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report