JVNDB-2011-000040

Microsoft Outlook read receipt function vulnerability

Overview

Microsoft Outlook contains a vulnerability in the read receipt function. A read receipt may be sent unintentionally, notifying the sender that the email was received.

Ayako Kozakai of NTT DATA SECURITY CORPORATION reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.

CVSS Severity

Base Metrics: 2.6 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None

Affected Products


Microsoft Corporation
  • Microsoft Outlook 2003 Service Pack 3 and earlier
  • Microsoft Outlook 2007 Service Pack 1 and earlier

Impact

A spam distributor may use this information to determine whether an email address is valid or not.

Solution

[Upgrade the Software]
Upgrade Outlook or apply a Service Pack according to the information provided by the developer.

Vendor Information

Microsoft Corporation

CWE

  1. No Mapping (CWE-Other) [IPA Evaluation]

CVE

References

  1. JVN: JVN#40382909

Revision History

[2011/06/16]
  Web page published