Total
45 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-0152 | 1 Microsoft | 6 Entourage, Excel, Ie and 3 more | 2018-10-12 | 7.5 HIGH | N/A |
Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh. | |||||
CVE-2001-0145 | 1 Microsoft | 2 Outlook, Outlook Express | 2018-10-12 | 7.5 HIGH | N/A |
Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook Express 5.x, allows an attacker to execute arbitrary commands via a malformed vCard birthday field. | |||||
CVE-2000-0567 | 1 Microsoft | 2 Outlook, Outlook Express | 2018-10-12 | 5.0 MEDIUM | N/A |
Buffer overflow in Microsoft Outlook and Outlook Express allows remote attackers to execute arbitrary commands via a long Date field in an email header, aka the "Malformed E-mail Header" vulnerability. | |||||
CVE-2000-0036 | 1 Microsoft | 2 Ie, Outlook Express | 2018-10-12 | 5.0 MEDIUM | N/A |
Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability. | |||||
CVE-2000-0621 | 1 Microsoft | 2 Outlook, Outlook Express | 2018-10-12 | 7.5 HIGH | N/A |
Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability. | |||||
CVE-2000-0653 | 1 Microsoft | 1 Outlook Express | 2018-10-12 | 5.0 MEDIUM | N/A |
Microsoft Outlook Express allows remote attackers to monitor a user's email by creating a persistent browser link to the Outlook Express windows, aka the "Persistent Mail-Browser Link" vulnerability. | |||||
CVE-2008-5424 | 1 Microsoft | 1 Outlook Express | 2018-10-11 | 4.3 MEDIUM | N/A |
The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (infinite loop) via a large e-mail message, a related issue to CVE-2006-1173. | |||||
CVE-2001-0999 | 1 Microsoft | 1 Outlook Express | 2017-12-18 | 7.5 HIGH | N/A |
Outlook Express 6.00 allows remote attackers to execute arbitrary script by embedding SCRIPT tags in a message whose MIME content type is text/plain, contrary to the expected behavior that text/plain messages will not run script. | |||||
CVE-2001-1088 | 1 Microsoft | 2 Outlook, Outlook Express | 2017-10-09 | 7.5 HIGH | N/A |
Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user. | |||||
CVE-2003-1378 | 1 Microsoft | 2 Outlook, Outlook Express | 2017-07-28 | 8.8 HIGH | N/A |
Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077. | |||||
CVE-2004-2137 | 1 Microsoft | 1 Outlook Express | 2017-07-10 | 5.0 MEDIUM | N/A |
Outlook Express 6.0, when sending multipart e-mail messages using the "Break apart messages larger than" setting, leaks the BCC recipients of the message to the addresses listed in the To and CC fields, which may allow remote attackers to obtain sensitive information. | |||||
CVE-2004-2694 | 1 Microsoft | 1 Outlook Express | 2016-10-17 | 5.8 MEDIUM | N/A |
Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to "_top". | |||||
CVE-2003-0301 | 1 Microsoft | 1 Outlook Express | 2016-10-17 | 5.0 MEDIUM | N/A |
The IMAP Client for Outlook Express 6.00.2800.1106 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors. | |||||
CVE-2003-0300 | 8 Microsoft, Mozilla, Mutt and 5 more | 8 Outlook Express, Mozilla, Mutt and 5 more | 2016-10-17 | 5.0 MEDIUM | N/A |
The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors. | |||||
CVE-2002-0285 | 1 Microsoft | 1 Outlook Express | 2016-10-17 | 7.5 HIGH | N/A |
Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers. | |||||
CVE-2001-0945 | 1 Microsoft | 1 Outlook Express | 2016-10-17 | 5.0 MEDIUM | N/A |
Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh allows remote attackers to cause a denial of service via an e-mail message that contains a long line. | |||||
CVE-1999-1164 | 1 Microsoft | 2 Outlook, Outlook Express | 2016-10-17 | 5.0 MEDIUM | N/A |
Microsoft Outlook client allows remote attackers to cause a denial of service by sending multiple email messages with the same X-UIDL headers, which causes Outlook to hang. | |||||
CVE-1999-1033 | 1 Microsoft | 1 Outlook Express | 2016-10-17 | 5.0 MEDIUM | N/A |
Microsoft Outlook Express before 4.72.3612.1700 allows a malicious user to send a message that contains a .., which can inadvertently cause Outlook to re-enter POP3 command mode and cause the POP3 session to hang. | |||||
CVE-2000-0105 | 1 Microsoft | 1 Outlook Express | 2008-09-10 | 5.0 MEDIUM | N/A |
Outlook Express 5.01 and Internet Explorer 5.01 allow remote attackers to view a user's email messages via a script that accesses a variable that references subsequent email messages that are read by the client. | |||||
CVE-2005-2226 | 1 Microsoft | 1 Outlook Express | 2008-09-05 | 5.0 MEDIUM | N/A |
Microsoft Outlook Express 6.0 leaks the default news server account when a user responds to a "watched" conversation thread, which could allow remote attackers to obtain sensitive information. |