Oval Definition:	oval:org.mitre.oval:def:19239
Revision Date: 2013-12-30 Version: 4 Title: S/MIME AIA Vulnerability (CVE-2013-3905) - MS13-094 Description: Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT does not properly expand metadata contained in S/MIME certificates, which allows remote attackers to obtain sensitive network configuration and state information via a crafted certificate in an e-mail message, aka "S/MIME AIA Vulnerability." Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2013-3905 Platform(s): Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Microsoft Windows XP Product(s): Microsoft Outlook 2007 Microsoft Outlook 2010 Microsoft Outlook 2013 Definition Synopsis Outlook 2007 and vulnerable file version Microsoft Outlook 2007 SP3 is installed AND Check if the version of Exsec32.dll is less than 12.0.6685.5000 OR Outlook 2010 and vulnerable file version Outlook 2010 SP1 / SP2 Microsoft Outlook 2010 SP1 is installed OR Microsoft Outlook 2010 SP2 is installed AND Check if the version of Exsec32.dll is less than 14.0.7109.5000 OR Outlook 2013 and vulnerable file version Microsoft Outlook 2013 is installed AND Check if the version of Exsec32.dll is less than 15.0.4551.1001
BACK