120 matches found
CVE-2023-23397
CVE-2023-23397 is an Elevation of Privilege in Microsoft Outlook for Windows. Multiple connected sources describe exploitation via Outlook calendar reminders using a UNC path in the MAPI property PidLidReminderFileParameter, causing the victim to contact an attacker-controlled SMB share and leak ...
CVE-2015-1641
CVE-2015-1641 is a Microsoft Office memory-corruption vulnerability triggered by crafted RTF documents. Affected products include Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoin...
CVE-2017-11774
CVE-2017-11774 affects Microsoft Outlook clients (Outlook 2010 SP2, 2013 SP1/RT SP1, 2016) and enables code execution via Outlook home page/persistence vectors. The underlying issue is how Outlook handles in-memory objects, allowing an attacker to bypass security features and run arbitrary comman...
CVE-1999-0519
CVE-1999-0519 describes a Windows SMB/NETBIOS issue where a share password is default, null, or missing, enabling NULL session authentication bypass. Public sources (NVD, Red Hat, SUSE, OpenVAS/Nessus entries) consistently describe an authentication bypass risk tied to SMB/NETBIOS NULL sessions. ...
CVE-2023-35311
Technical details about CVE-2023-35311 are not publicly available in the provided connected documents. The sources confirm a Microsoft Outlook security feature bypass but do not specify root cause, affected versions, or fixes. Monitor for updates.
CVE-2023-36763
CVE-2023-36763 is a Microsoft Outlook information disclosure vulnerability. Public documentation identifies it as affecting Outlook 2016 (KB5002499) and related Office/Outlook components; severity is high (CVSSv3.1: 7.5, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). The vulnerability orig...
CVE-2024-26204
CVE-2024-26204 relates to Outlook for Android and is an information-disclosure vulnerability caused by insufficient protection of service data in the Android client. Connected sources describe a remote, network-exploitable issue with high confidentiality impact (CVSS v3.1: 7.5), allowing an attac...
CVE-2024-21378
The connected document describes a GitHub exploit example for CVE-2024-21378 targeting Microsoft Outlook via Exchange Online. It claims to execute arbitrary code by delivering a malicious COM DLL embedded in a form attachment, loaded into the Outlook process after user interaction in the thick cl...
CVE-2020-16947
CVE-2020-16947 refers to a remote code execution vulnerability in Microsoft Outlook caused by improper handling of objects in memory. The issue can allow arbitrary code execution in the context of the targeted user, with higher impact if the user account has administrative rights. Exploitation re...
CVE-2019-1084
CVE-2019-1084 affects Microsoft Exchange (display name creation with non-printable characters) leading to information disclosure. Root cause: display names with invalid characters bypass visibility controls and can be added to conversations; impact is partial confidentiality exposure per CVSS dat...
CVE-2024-20670
CVE-2024-20670 affects Outlook for Windows and is described as a spoofing vulnerability in the Outlook client. The vulnerability can be exploited by sending a crafted email that coerces a user to interact, potentially leaking the user’s Net-NTLMv2 credentials and enabling authentication to an att...
CVE-2021-31941
CVE-2021-31941 is described as a Microsoft Office Graphics Remote Code Execution vulnerability. Public records show it as HIGH severity (CVSS3.1 base 7.8) with a LOCAL attack vector and user interaction required; the OpenVAS/Nessus entries reference Microsoft Office Graphics/RCE across various Of...
CVE-2020-0760
CVE-2020-0760 is a remote code execution vulnerability affecting Microsoft Office products (Word/Excel/PowerPoint/Visio) via improper loading of arbitrary type libraries. The root cause is how Office loads type libraries, which could allow an attacker to execute arbitrary code in the context of t...
CVE-2022-35742
CVE-2022-35742 is a Microsoft Outlook Denial of Service vulnerability. Public sources (CVE entry, MSRC update page, and third‑party summaries) describe it as a DoS that can crash the Outlook client when processing a crafted message. The vulnerability is reported to be exploitable via network‑deli...
CVE-2020-16949
CVE-2020-16949 is a denial-of-service flaw in Microsoft Outlook where improper handling of in-memory objects leads to remote DoS after receiving a crafted e‑mail. Public details from multiple sources confirm Outlook vulnerabilities across versions (notably Outlook 2013/KB4484524 references and MS...
CVE-2023-33131
CVE-2023-33131 is a Microsoft Outlook remote code execution vulnerability. Connected sources confirm affected product is Outlook (Office family) and describe exploitation via a malicious Word file delivered to Outlook users, with the exploit code example showing an AutoOpen macro invoking cmd.exe...
CVE-2021-31949
CVE-2021-31949 is a public Microsoft Outlook/Office RCE vulnerability. The connected KB update (KB5001934) documents that this vulnerability is resolved by the June 8, 2021 security update for Outlook 2013 (MSI-based), and notes it does not apply to the Office 2013 Click-to-Run editions (e.g., Mi...
CVE-2024-30103
CVE-2024-30103 is a confirmed Microsoft Outlook remote code execution vulnerability. The CVE affects Outlook components (e.g., Outlook.exe and related Office/Outlook binaries) and is exploitable remotely without user interaction via a crafted email, per the CVSS_3.1 metrics (AV:N/AC:L/PR:L/UI:N/S...
CVE-2023-36893
Technical details for CVE-2023-36893 are not provided in the connected documents. No explicit information on affected products, root cause, impact, or fixes is present. Monitor for updates from official sources.
CVE-2024-38020
CVE-2024-38020 is a Microsoft Office/Outlook spoofing vulnerability affecting Outlook components (Outlook/Office 2016). The issue allows an attacker to impersonate another user (spoofing) and, per accompanying advisories, is addressed by Microsoft security updates KB5002620/KB5002621 (Office 2016...
CVE-2022-24480
CVE-2022-24480 is an Elevation of Privilege vulnerability affecting Microsoft Outlook for Android. The provided documents identify Outlook for Android as the affected product and classify the issue as an Elevation of Privilege, with a CVSS v3.1 base score of 6.3 (Impact: Confidentiality, Integrit...
CVE-2013-3870
CVE-2013-3870 is a remote-code-execution vulnerability in Microsoft Outlook caused by a double-free in the S/MIME certificate parsing path. Affects Outlook 2007 SP3 and Outlook 2010 SP1/SP2 (Office/Outlook components). Exploitation could occur when processing specially crafted S/MIME email messag...
CVE-2004-0200
CVE-2004-0200 is a buffer-overflow vulnerability in the JPEG parsing engine of Microsoft GDI+ (GDIPlus.dll). The flaw allows remote code execution when a specially crafted JPEG image is processed, with the attack vector involving JPEG data that is mis-sized during a memory copy. The vulnerability...
CVE-2020-1349
CVE-2020-1349 is an Outlook remote code execution vulnerability. It arises from improper handling of objects in memory, enabling code execution with the caller’s privileges when a user opens a specially crafted file or views content via Preview Pane. Public documentation notes that an attacker co...
CVE-2020-1493
CVE-2020-1493 describes an information-disclosure flaw in Microsoft Outlook where attaching a file as a link can cause the attachment to be accessible to unauthorized recipients when emails are shared. The root cause is how Outlook handles attachment links, enabling exposure beyond the intended p...
CVE-2025-21357
CVE-2025-21357 affects Microsoft Outlook and is a Remote Code Execution vulnerability in Outlook components. Public documents confirm Outlook is the affected product and that the root cause relates to a code execution path within Outlook, with several security updates released by Microsoft (e.g.,...
CVE-2018-0851
CVE-2018-0851 affects multiple Microsoft Office versions: Office 2007 SP2, Word Viewer, Office 2010 SP2, Office 2013 SP1/RT SP1, Office 2016, and Office 2016 Click-to-Run. The vulnerability arises from how Office handles objects in memory, described as a memory corruption issue that enables remot...
CVE-2017-0204
CVE-2017-0204 affects Microsoft Outlook 2007 SP3, 2010 SP2, 2013 SP1, and 2016. The vulnerability is a security feature bypass where a specially crafted document bypasses Office Protected View by exploiting how Office handles file formats (security feature bypass). Impact described in connected d...
CVE-2006-0002
CVE-2006-0002 is a TNEF decoding vulnerability in Microsoft Outlook (2000–2003) and Microsoft Exchange Server (5.0 SP2, 5.5 SP4, 2000 SP3) where processing a crafted TNEF MIME attachment can lead to remote code execution. Root cause described as improper handling/validation of TNEF data, enabling...
CVE-2020-17119
CVE-2020-17119 is an Outlook information-disclosure vulnerability that is referenced across multiple feeds as part of the Microsoft Office updates for macOS (December 2020). The initial entry identifies Outlook Information Disclosure as the issue, while connected documents confirm the CVE is bund...
CVE-2013-3905
CVE-2013-3905 affects Microsoft Outlook components on Windows: Outlook 2007 SP3, 2010 SP1/SP2, 2013, and 2013 RT. The flaw is in how S/MIME certificate metadata is expanded, allowing remote attackers to obtain sensitive network configuration and state information by presenting a crafted S/MIME ce...
CVE-2020-1483
CVE-2020-1483 is a Microsoft Outlook remote code execution vulnerability caused by improper handling of in‑memory objects. An attacker could run code with the current user’s privileges; if the user has admin rights, the attacker could take full control of the system. Exploitation requires a user ...
CVE-2021-28452
CVE-2021-28452 is a Microsoft Outlook memory corruption vulnerability described by the NVD and Microsoft MSRs as affecting Outlook components and addressed by security updates. Public docs in the provided set confirm: (1) the issue is a memory corruption vulnerability in Outlook (Microsoft Office...
CVE-2017-17689
CVE-2017-17689 arises from S/MIME CBC gadget attacks (EFAIL) that can lead to plaintext exfiltration. Connected sources show this affecting KDE PIM/KMail components and related mail tooling across Linux/macOS ecosystems, with public advisories describing how S/MIME/CBC malleability could leak pla...
CVE-2019-1105
CVE-2019-1105 affects Microsoft Outlook for Android. The vulnerability arises from how the app parses specially crafted email messages, enabling an authenticated attacker to trigger cross-site scripting and run scripts in the security context of the current user. Exploitation is tied to parsing b...
CVE-2024-42220
CVE-2024-42220 affects Microsoft Outlook 16.83.3 for macOS. Talos reports a library injection vulnerability where a malicious library loaded via relative paths can run with Outlook’s entitlements, bypassing controls and permitting use of the app’s permissions. The root cause is library loading wi...
CVE-2025-29805
CVE-2025-29805 affects Outlook for Android and represents an information disclosure vulnerability where an unauthenticated attacker could access sensitive data over the network. Root cause: exposure of sensitive information to an unauthorized actor. CVSSv3.1 base score is 7.5 (HIGH); attack vecto...
CVE-2019-0559
Microsoft Outlook Information Disclosure Vulnerability (CVE-2019-0559) affects Outlook and Office suite components, arising from improper handling of certain messages. The vulnerability is described as an information disclosure issue with Confidentiality impact (C), per CVSS3 vector CVSS:3.0/AV:N...
CVE-2017-0106
CVE-2017-0106 affects Microsoft Office components (Excel 2007 SP3; Outlook 2010 SP2, 2013 SP1, 2016) and enables remote code execution or memory corruption via a crafted document. Connected vulnerability feeds corroborate Office family exposure and link the CVE to multiple MS security updates (e....
CVE-2019-1200
CVE-2019-1200 is a remote code execution flaw in Microsoft Outlook where memory handling of objects can be exploited by a specially crafted file. The issue could allow code execution in the current user’s security context if the targeted user opens the crafted file, with attack vectors including ...
CVE-2019-0560
This CVE-2019-0560 entry concerns a memory-based information disclosure in Microsoft Office and Office 365 ProPlus. Affected products are Microsoft Office components; root cause is improper handling of memory contents, enabling disclosure of sensitive data. Documented impact is information disclo...
CVE-2018-0791
CVE-2018-0791 affects Microsoft Outlook products (Outlook 2007, 2010, 2013, and 2016) and is a remote code execution flaw caused by the way email messages are parsed. The connected document notes this vulnerability is distinct from CVE-2018-0793, and describes the issue as a parsing-based RCE in ...
CVE-2017-17688
CVE-2017-17688 concerns an OpenPGP CFB gadget/malleability attack (EFAIL) that can lead to plaintext exfiltration from encrypted emails. Connected advisories show Enigmail/OpenPGP patches (e.g., openSUSE SUSE/OpenSUSE-2019-368/395; Thunderbird enigmail updates) addressing this vulnerability by ti...
CVE-2020-0696
Microsoft Outlook Security Feature Bypass (CVE-2020-0696) is described across multiple feeds as a vulnerability in how Outlook parses URI formats, categorized as a security feature bypass. No concrete exploit details, affected versions, or remediation steps are provided in the connected documents...
CVE-2024-38173
CVE-2024-38173 is an Outlook remote code execution vulnerability affecting Microsoft Outlook/Office (e.g., Outlook 2016). Exploitation details in connected sources are limited, but the CVSSv3.1 vector indicates Local access, High impact on confidentiality/integrity/availability, with User interac...
CVE-2025-21361
CVE-2025-21361 affects Microsoft Outlook for Mac (and related Outlook/Office deployments). Connected documents indicate a remote code execution vulnerability in Microsoft Outlook for Mac, with impact described as arbitrary code execution and high impact on confidentiality, integrity, and availabi...
CVE-2017-8506
CVE-2017-8506 is a remote code execution vulnerability affecting Microsoft Office/Outlook, tied to parsing of crafted Office content (email/attachments). The connected Nessus/MS security data links this CVE to Outlook parsing of specially crafted messages and notes that it is addressed by Microso...
CVE-2018-8582
CVE-2018-8582 is a remote code execution flaw in Microsoft Outlook that arises when parsing specially crafted rule export files. The underlying issue is in Outlook’s handling of objects during parsing, allowing an attacker to execute arbitrary code on the affected system. A successful exploit cou...
CVE-2017-8508
CVE-2017-8508 is a Microsoft Office security feature bypass vulnerability tied to improper handling/parsing of file formats. Connected documents explicitly list CVE-2017-8508 among Outlook/Office-related issues, showing that the bypass affects Office components when parsing certain file formats. ...
CVE-2025-21259
CVE-2025-21259 is a Microsoft Outlook spoofing vulnerability. Affected product: Microsoft Outlook. Underlying issue is spoofing in the Outlook UI. CVSSv3.1 base score is 5.3 (MEDIUM) with Network attack vector, Low attack complexity, no privileges required, no user interaction, and unchanged scop...