Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Microsoft Subscribe
Filtered by product Outlook Express
Total 45 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-1999-0967 1 Microsoft 3 Internet Explorer, Outlook Express, Windows Explorer 2022-08-17 10.0 HIGH N/A
Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource protocol.
CVE-2002-0862 4 Adam Megacz, Baltimore Technologies, Kde and 1 more 16 Tinyssl, Mailsecure, Kde and 13 more 2021-07-23 7.5 HIGH N/A
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.
CVE-2004-0526 1 Microsoft 4 Ie, Internet Explorer, Outlook and 1 more 2021-07-23 5.0 MEDIUM N/A
Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.
CVE-2001-1325 1 Microsoft 2 Internet Explorer, Outlook Express 2021-07-23 7.5 HIGH N/A
Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets (XSL) that are referenced using an IFRAME tag, possibly due to a vulnerability in Windows Scripting Host (WSH).
CVE-1999-1016 2 Microsoft, Qualcomm 4 Frontpage, Internet Explorer, Outlook Express and 1 more 2021-07-22 5.0 MEDIUM N/A
Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as text inputs in a table cell.
CVE-2000-0329 1 Microsoft 4 Ie, Internet Explorer, Outlook and 1 more 2021-07-22 5.1 MEDIUM N/A
A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability.
CVE-2001-0322 1 Microsoft 3 Internet Explorer, Outlook, Outlook Express 2021-07-22 5.0 MEDIUM N/A
MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, allows remote attackers to cause a denial of service (application crash) via a script that creates and deletes an object that is associated with the browser window object.
CVE-2007-3897 1 Microsoft 2 Outlook Express, Windows Mail 2019-10-09 9.3 HIGH N/A
Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.
CVE-2010-0816 1 Microsoft 10 Outlook Express, Windows 2000, Windows 2003 Server and 7 more 2019-02-26 9.3 HIGH N/A
Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka "Outlook Express and Windows Mail Integer Overflow Vulnerability."
CVE-2010-3147 1 Microsoft 7 Outlook Express, Windows 2003 Server, Windows 7 and 4 more 2019-02-26 9.3 HIGH N/A
Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143.
CVE-2006-0014 1 Microsoft 1 Outlook Express 2018-10-19 5.1 MEDIUM N/A
Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values.
CVE-2006-2386 1 Microsoft 1 Outlook Express 2018-10-18 6.8 MEDIUM N/A
Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file.
CVE-2006-2111 1 Microsoft 1 Outlook Express 2018-10-18 4.3 MEDIUM N/A
A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cross Domain Information Disclosure Vulnerability."
CVE-2007-2227 1 Microsoft 5 Outlook Express, Windows 2003 Server, Windows Mail and 2 more 2018-10-16 4.3 MEDIUM N/A
The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability."
CVE-2007-2225 1 Microsoft 5 Outlook Express, Windows 2003 Server, Windows Mail and 2 more 2018-10-16 4.3 MEDIUM N/A
A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."
CVE-2008-1448 1 Microsoft 2 Outlook Express, Windows Mail 2018-10-12 7.1 HIGH N/A
The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability."
CVE-2005-1213 1 Microsoft 1 Outlook Express 2018-10-12 7.5 HIGH N/A
Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.
CVE-2004-0215 2 Avaya, Microsoft 5 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 2 more 2018-10-12 5.0 MEDIUM N/A
Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header.
CVE-2004-0380 1 Microsoft 1 Outlook Express 2018-10-12 10.0 HIGH N/A
The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."
CVE-2002-1179 1 Microsoft 1 Outlook Express 2018-10-12 7.5 HIGH N/A
Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook Express 5.5 and 6.0 allows remote attackers to execute arbitrary code via a digitally signed email with a long "From" address, which triggers the overflow when the user views or previews the message.