Information disclosure vulnerability in Microsoft Exchange Server via specially crafted tags in Calendar-related messages| ID: oval:org.secpod.oval:def:41991 | Date: (C)2017-09-13 (M)2024-03-26 |
| Class: VULNERABILITY | Family: windows |
An input sanitization issue exists with Microsoft Exchange Server that could potentially result in unintended Information Disclosure. An attacker who successfully exploited the vulnerability could identify the existence of RFC1918 addresses on the local network from a client on the Internet. An attacker could use this internal host information as part of a larger attack.
| Platform: |
| Microsoft Windows 10 |
| Microsoft Windows 7 |
| Microsoft Windows 8.1 |
| Microsoft Windows Server 2008 |
| Microsoft Windows Server 2008 R2 |
| Microsoft Windows Server 2012 |
| Microsoft Windows Server 2012 R2 |
| Microsoft Windows Server 2016 |
| Product: |
| Microsoft Exchange Server 2013 |
| Microsoft Exchange Server 2016 |
