Lucene search
K
MicrosoftOutlook

120 matches found

CVE
CVE
added 2023/03/14 4:55 p.m.2002 views

CVE-2023-23397

CVE-2023-23397 is an Elevation of Privilege in Microsoft Outlook for Windows. Multiple connected sources describe exploitation via Outlook calendar reminders using a UNC path in the MAPI property PidLidReminderFileParameter, causing the victim to contact an attacker-controlled SMB share and leak ...

9.8CVSS8.3AI score0.97408EPSS
In wild
CVE
CVE
added 2015/04/14 8:0 p.m.1220 views

CVE-2015-1641

CVE-2015-1641 is a Microsoft Office memory-corruption vulnerability triggered by crafted RTF documents. Affected products include Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoin...

9.3CVSS9.4AI score0.9679EPSS
In wild
CVE
CVE
added 2017/10/13 1:0 p.m.1149 views

CVE-2017-11774

CVE-2017-11774 affects Microsoft Outlook clients (Outlook 2010 SP2, 2013 SP1/RT SP1, 2016) and enables code execution via Outlook home page/persistence vectors. The underlying issue is how Outlook handles in-memory objects, allowing an attacker to bypass security features and run arbitrary comman...

7.8CVSS7.7AI score0.59893EPSS
In wildWeb
CVE
CVE
added 2000/02/04 5:0 a.m.752 views

CVE-1999-0519

CVE-1999-0519 describes a Windows SMB/NETBIOS issue where a share password is default, null, or missing, enabling NULL session authentication bypass. Public sources (NVD, Red Hat, SUSE, OpenVAS/Nessus entries) consistently describe an authentication bypass risk tied to SMB/NETBIOS NULL sessions. ...

7.5CVSS6.8AI score0.05673EPSS
CVE
CVE
added 2023/07/11 5:3 p.m.638 views

CVE-2023-35311

Technical details about CVE-2023-35311 are not publicly available in the provided connected documents. The sources confirm a Microsoft Outlook security feature bypass but do not specify root cause, affected versions, or fixes. Monitor for updates.

8.8CVSS7.9AI score0.15966EPSS
In wild
CVE
CVE
added 2023/09/12 4:58 p.m.511 views

CVE-2023-36763

CVE-2023-36763 is a Microsoft Outlook information disclosure vulnerability. Public documentation identifies it as affecting Outlook 2016 (KB5002499) and related Office/Outlook components; severity is high (CVSSv3.1: 7.5, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). The vulnerability orig...

7.5CVSS7.2AI score0.01908EPSS
CVE
CVE
added 2024/03/12 4:58 p.m.323 views

CVE-2024-26204

CVE-2024-26204 relates to Outlook for Android and is an information-disclosure vulnerability caused by insufficient protection of service data in the Android client. Connected sources describe a remote, network-exploitable issue with high confidentiality impact (CVSS v3.1: 7.5), allowing an attac...

7.5CVSS7.3AI score0.02136EPSS
CVE
CVE
added 2024/02/13 6:2 p.m.305 views

CVE-2024-21378

The connected document describes a GitHub exploit example for CVE-2024-21378 targeting Microsoft Outlook via Exchange Online. It claims to execute arbitrary code by delivering a malicious COM DLL embedded in a form attachment, loaded into the Outlook process after user interaction in the thick cl...

8.8CVSS7.8AI score0.11064EPSS
CVE
CVE
added 2020/10/16 12:0 a.m.280 views

CVE-2020-16947

CVE-2020-16947 refers to a remote code execution vulnerability in Microsoft Outlook caused by improper handling of objects in memory. The issue can allow arbitrary code execution in the context of the targeted user, with higher impact if the user account has administrative rights. Exploitation re...

9.3CVSS9.1AI score0.33551EPSS
CVE
CVE
added 2019/07/15 6:56 p.m.275 views

CVE-2019-1084

CVE-2019-1084 affects Microsoft Exchange (display name creation with non-printable characters) leading to information disclosure. Root cause: display names with invalid characters bypass visibility controls and can be added to conversations; impact is partial confidentiality exposure per CVSS dat...

6.5CVSS5.3AI score0.05328EPSS
CVE
CVE
added 2024/04/09 5:1 p.m.243 views

CVE-2024-20670

CVE-2024-20670 affects Outlook for Windows and is described as a spoofing vulnerability in the Outlook client. The vulnerability can be exploited by sending a crafted email that coerces a user to interact, potentially leaking the user’s Net-NTLMv2 credentials and enabling authentication to an att...

8.1CVSS8AI score0.02309EPSS
CVE
CVE
added 2021/06/08 10:46 p.m.221 views

CVE-2021-31941

CVE-2021-31941 is described as a Microsoft Office Graphics Remote Code Execution vulnerability. Public records show it as HIGH severity (CVSS3.1 base 7.8) with a LOCAL attack vector and user interaction required; the OpenVAS/Nessus entries reference Microsoft Office Graphics/RCE across various Of...

7.8CVSS7.6AI score0.02928EPSS
CVE
CVE
added 2020/04/15 3:12 p.m.206 views

CVE-2020-0760

CVE-2020-0760 is a remote code execution vulnerability affecting Microsoft Office products (Word/Excel/PowerPoint/Visio) via improper loading of arbitrary type libraries. The root cause is how Office loads type libraries, which could allow an attacker to execute arbitrary code in the context of t...

8.8CVSS8.5AI score0.0861EPSS
CVE
CVE
added 2023/06/01 1:9 a.m.193 views

CVE-2022-35742

CVE-2022-35742 is a Microsoft Outlook Denial of Service vulnerability. Public sources (CVE entry, MSRC update page, and third‑party summaries) describe it as a DoS that can crash the Outlook client when processing a crafted message. The vulnerability is reported to be exploitable via network‑deli...

7.5CVSS7.3AI score0.22441EPSS
CVE
CVE
added 2020/10/16 10:18 p.m.186 views

CVE-2020-16949

CVE-2020-16949 is a denial-of-service flaw in Microsoft Outlook where improper handling of in-memory objects leads to remote DoS after receiving a crafted e‑mail. Public details from multiple sources confirm Outlook vulnerabilities across versions (notably Outlook 2013/KB4484524 references and MS...

7.5CVSS5.1AI score0.02968EPSS
CVE
CVE
added 2023/06/13 11:26 p.m.185 views

CVE-2023-33131

CVE-2023-33131 is a Microsoft Outlook remote code execution vulnerability. Connected sources confirm affected product is Outlook (Office family) and describe exploitation via a malicious Word file delivered to Outlook users, with the exploit code example showing an AutoOpen macro invoking cmd.exe...

8.8CVSS8.7AI score0.05718EPSS
CVE
CVE
added 2021/06/08 10:46 p.m.179 views

CVE-2021-31949

CVE-2021-31949 is a public Microsoft Outlook/Office RCE vulnerability. The connected KB update (KB5001934) documents that this vulnerability is resolved by the June 8, 2021 security update for Outlook 2013 (MSI-based), and notes it does not apply to the Office 2013 Click-to-Run editions (e.g., Mi...

7.8CVSS7.2AI score0.02567EPSS
CVE
CVE
added 2024/06/11 5:0 p.m.170 views

CVE-2024-30103

CVE-2024-30103 is a confirmed Microsoft Outlook remote code execution vulnerability. The CVE affects Outlook components (e.g., Outlook.exe and related Office/Outlook binaries) and is exploitable remotely without user interaction via a crafted email, per the CVSS_3.1 metrics (AV:N/AC:L/PR:L/UI:N/S...

8.8CVSS8.9AI score0.03446EPSS
CVE
CVE
added 2023/08/08 5:8 p.m.166 views

CVE-2023-36893

Technical details for CVE-2023-36893 are not provided in the connected documents. No explicit information on affected products, root cause, impact, or fixes is present. Monitor for updates from official sources.

6.5CVSS6.5AI score0.01969EPSS
CVE
CVE
added 2024/07/09 5:3 p.m.164 views

CVE-2024-38020

CVE-2024-38020 is a Microsoft Office/Outlook spoofing vulnerability affecting Outlook components (Outlook/Office 2016). The issue allows an attacker to impersonate another user (spoofing) and, per accompanying advisories, is addressed by Microsoft security updates KB5002620/KB5002621 (Office 2016...

6.5CVSS6.8AI score0.01841EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.163 views

CVE-2022-24480

CVE-2022-24480 is an Elevation of Privilege vulnerability affecting Microsoft Outlook for Android. The provided documents identify Outlook for Android as the affected product and classify the issue as an Elevation of Privilege, with a CVSS v3.1 base score of 6.3 (Impact: Confidentiality, Integrit...

6.3CVSS6.6AI score0.00538EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.162 views

CVE-2013-3870

CVE-2013-3870 is a remote-code-execution vulnerability in Microsoft Outlook caused by a double-free in the S/MIME certificate parsing path. Affects Outlook 2007 SP3 and Outlook 2010 SP1/SP2 (Office/Outlook components). Exploitation could occur when processing specially crafted S/MIME email messag...

9.3CVSS7.6AI score0.18642EPSS
CVE
CVE
added 2004/09/17 4:0 a.m.153 views

CVE-2004-0200

CVE-2004-0200 is a buffer-overflow vulnerability in the JPEG parsing engine of Microsoft GDI+ (GDIPlus.dll). The flaw allows remote code execution when a specially crafted JPEG image is processed, with the attack vector involving JPEG data that is mis-sized during a memory copy. The vulnerability...

9.3CVSS7.6AI score0.49024EPSS
CVE
CVE
added 2020/07/14 12:0 a.m.152 views

CVE-2020-1349

CVE-2020-1349 is an Outlook remote code execution vulnerability. It arises from improper handling of objects in memory, enabling code execution with the caller’s privileges when a user opens a specially crafted file or views content via Preview Pane. Public documentation notes that an attacker co...

7.8CVSS7.9AI score0.22501EPSS
CVE
CVE
added 2020/08/17 12:0 a.m.151 views

CVE-2020-1493

CVE-2020-1493 describes an information-disclosure flaw in Microsoft Outlook where attaching a file as a link can cause the attachment to be accessible to unauthorized recipients when emails are shared. The root cause is how Outlook handles attachment links, enabling exposure beyond the intended p...

5.5CVSS6.6AI score0.07296EPSS
CVE
CVE
added 2025/01/14 6:4 p.m.149 views

CVE-2025-21357

CVE-2025-21357 affects Microsoft Outlook and is a Remote Code Execution vulnerability in Outlook components. Public documents confirm Outlook is the affected product and that the root cause relates to a code execution path within Outlook, with several security updates released by Microsoft (e.g.,...

6.7CVSS6.7AI score0.00551EPSS
CVE
CVE
added 2018/02/15 2:0 a.m.141 views

CVE-2018-0851

CVE-2018-0851 affects multiple Microsoft Office versions: Office 2007 SP2, Word Viewer, Office 2010 SP2, Office 2013 SP1/RT SP1, Office 2016, and Office 2016 Click-to-Run. The vulnerability arises from how Office handles objects in memory, described as a memory corruption issue that enables remot...

9.3CVSS8.7AI score0.19536EPSS
CVE
CVE
added 2017/04/12 2:0 p.m.140 views

CVE-2017-0204

CVE-2017-0204 affects Microsoft Outlook 2007 SP3, 2010 SP2, 2013 SP1, and 2016. The vulnerability is a security feature bypass where a specially crafted document bypasses Office Protected View by exploiting how Office handles file formats (security feature bypass). Impact described in connected d...

5.5CVSS5.9AI score0.19011EPSS
CVE
CVE
added 2006/01/10 10:0 p.m.135 views

CVE-2006-0002

CVE-2006-0002 is a TNEF decoding vulnerability in Microsoft Outlook (2000–2003) and Microsoft Exchange Server (5.0 SP2, 5.5 SP4, 2000 SP3) where processing a crafted TNEF MIME attachment can lead to remote code execution. Root cause described as improper handling/validation of TNEF data, enabling...

7.5CVSS7.3AI score0.45584EPSS
CVE
CVE
added 2020/12/09 11:36 p.m.135 views

CVE-2020-17119

CVE-2020-17119 is an Outlook information-disclosure vulnerability that is referenced across multiple feeds as part of the Microsoft Office updates for macOS (December 2020). The initial entry identifies Outlook Information Disclosure as the issue, while connected documents confirm the CVE is bund...

7.5CVSS6.2AI score0.04131EPSS
CVE
CVE
added 2013/11/13 12:0 a.m.134 views

CVE-2013-3905

CVE-2013-3905 affects Microsoft Outlook components on Windows: Outlook 2007 SP3, 2010 SP1/SP2, 2013, and 2013 RT. The flaw is in how S/MIME certificate metadata is expanded, allowing remote attackers to obtain sensitive network configuration and state information by presenting a crafted S/MIME ce...

5CVSS5.9AI score0.11857EPSS
CVE
CVE
added 2020/08/17 7:13 p.m.129 views

CVE-2020-1483

CVE-2020-1483 is a Microsoft Outlook remote code execution vulnerability caused by improper handling of in‑memory objects. An attacker could run code with the current user’s privileges; if the user has admin rights, the attacker could take full control of the system. Exploitation requires a user ...

9.3CVSS7.9AI score0.08876EPSS
CVE
CVE
added 2021/04/13 7:33 p.m.127 views

CVE-2021-28452

CVE-2021-28452 is a Microsoft Outlook memory corruption vulnerability described by the NVD and Microsoft MSRs as affecting Outlook components and addressed by security updates. Public docs in the provided set confirm: (1) the issue is a memory corruption vulnerability in Outlook (Microsoft Office...

7.8CVSS6.7AI score0.01295EPSS
CVE
CVE
added 2018/05/16 7:0 p.m.126 views

CVE-2017-17689

CVE-2017-17689 arises from S/MIME CBC gadget attacks (EFAIL) that can lead to plaintext exfiltration. Connected sources show this affecting KDE PIM/KMail components and related mail tooling across Linux/macOS ecosystems, with public advisories describing how S/MIME/CBC malleability could leak pla...

5.9CVSS5.6AI score0.04219EPSS
CVE
CVE
added 2019/07/29 2:7 p.m.120 views

CVE-2019-1105

CVE-2019-1105 affects Microsoft Outlook for Android. The vulnerability arises from how the app parses specially crafted email messages, enabling an authenticated attacker to trigger cross-site scripting and run scripts in the security context of the current user. Exploitation is tied to parsing b...

5.4CVSS5AI score0.01817EPSS
CVE
CVE
added 2024/12/18 10:40 p.m.115 views

CVE-2024-42220

CVE-2024-42220 affects Microsoft Outlook 16.83.3 for macOS. Talos reports a library injection vulnerability where a malicious library loaded via relative paths can run with Outlook’s entitlements, bypassing controls and permitting use of the app’s permissions. The root cause is library loading wi...

9.1CVSS6.9AI score0.00722EPSS
CVE
CVE
added 2025/04/08 5:24 p.m.114 views

CVE-2025-29805

CVE-2025-29805 affects Outlook for Android and represents an information disclosure vulnerability where an unauthenticated attacker could access sensitive data over the network. Root cause: exposure of sensitive information to an unauthorized actor. CVSSv3.1 base score is 7.5 (HIGH); attack vecto...

7.5CVSS6.5AI score0.01409EPSS
CVE
CVE
added 2019/01/08 9:0 p.m.113 views

CVE-2019-0559

Microsoft Outlook Information Disclosure Vulnerability (CVE-2019-0559) affects Outlook and Office suite components, arising from improper handling of certain messages. The vulnerability is described as an information disclosure issue with Confidentiality impact (C), per CVSS3 vector CVSS:3.0/AV:N...

6.5CVSS5.9AI score0.06783EPSS
CVE
CVE
added 2017/04/12 2:0 p.m.112 views

CVE-2017-0106

CVE-2017-0106 affects Microsoft Office components (Excel 2007 SP3; Outlook 2010 SP2, 2013 SP1, 2016) and enables remote code execution or memory corruption via a crafted document. Connected vulnerability feeds corroborate Office family exposure and link the CVE to multiple MS security updates (e....

9.3CVSS7.7AI score0.28355EPSS
CVE
CVE
added 2019/08/14 8:55 p.m.112 views

CVE-2019-1200

CVE-2019-1200 is a remote code execution flaw in Microsoft Outlook where memory handling of objects can be exploited by a specially crafted file. The issue could allow code execution in the current user’s security context if the targeted user opens the crafted file, with attack vectors including ...

9.3CVSS8.1AI score0.04646EPSS
CVE
CVE
added 2019/01/08 9:0 p.m.111 views

CVE-2019-0560

This CVE-2019-0560 entry concerns a memory-based information disclosure in Microsoft Office and Office 365 ProPlus. Affected products are Microsoft Office components; root cause is improper handling of memory contents, enabling disclosure of sensitive data. Documented impact is information disclo...

5.5CVSS5.1AI score0.08729EPSS
CVE
CVE
added 2018/01/10 1:0 a.m.109 views

CVE-2018-0791

CVE-2018-0791 affects Microsoft Outlook products (Outlook 2007, 2010, 2013, and 2016) and is a remote code execution flaw caused by the way email messages are parsed. The connected document notes this vulnerability is distinct from CVE-2018-0793, and describes the issue as a parsing-based RCE in ...

9.3CVSS8.3AI score0.2057EPSS
CVE
CVE
added 2018/05/16 7:0 p.m.108 views

CVE-2017-17688

CVE-2017-17688 concerns an OpenPGP CFB gadget/malleability attack (EFAIL) that can lead to plaintext exfiltration from encrypted emails. Connected advisories show Enigmail/OpenPGP patches (e.g., openSUSE SUSE/OpenSUSE-2019-368/395; Thunderbird enigmail updates) addressing this vulnerability by ti...

5.9CVSS5.7AI score0.05572EPSS
CVE
CVE
added 2020/02/11 9:23 p.m.108 views

CVE-2020-0696

Microsoft Outlook Security Feature Bypass (CVE-2020-0696) is described across multiple feeds as a vulnerability in how Outlook parses URI formats, categorized as a security feature bypass. No concrete exploit details, affected versions, or remediation steps are provided in the connected documents...

6.5CVSS6.4AI score0.04992EPSS
CVE
CVE
added 2024/08/13 5:30 p.m.108 views

CVE-2024-38173

CVE-2024-38173 is an Outlook remote code execution vulnerability affecting Microsoft Outlook/Office (e.g., Outlook 2016). Exploitation details in connected sources are limited, but the CVSSv3.1 vector indicates Local access, High impact on confidentiality/integrity/availability, with User interac...

6.7CVSS6.7AI score0.00664EPSS
CVE
CVE
added 2025/01/14 6:4 p.m.106 views

CVE-2025-21361

CVE-2025-21361 affects Microsoft Outlook for Mac (and related Outlook/Office deployments). Connected documents indicate a remote code execution vulnerability in Microsoft Outlook for Mac, with impact described as arbitrary code execution and high impact on confidentiality, integrity, and availabi...

7.8CVSS7.8AI score0.00732EPSS
CVE
CVE
added 2017/06/15 1:0 a.m.104 views

CVE-2017-8506

CVE-2017-8506 is a remote code execution vulnerability affecting Microsoft Office/Outlook, tied to parsing of crafted Office content (email/attachments). The connected Nessus/MS security data links this CVE to Outlook parsing of specially crafted messages and notes that it is addressed by Microso...

9.3CVSS6.8AI score0.24171EPSS
CVE
CVE
added 2018/11/14 1:0 a.m.104 views

CVE-2018-8582

CVE-2018-8582 is a remote code execution flaw in Microsoft Outlook that arises when parsing specially crafted rule export files. The underlying issue is in Outlook’s handling of objects during parsing, allowing an attacker to execute arbitrary code on the affected system. A successful exploit cou...

9.3CVSS8.3AI score0.18594EPSS
CVE
CVE
added 2017/06/15 1:0 a.m.102 views

CVE-2017-8508

CVE-2017-8508 is a Microsoft Office security feature bypass vulnerability tied to improper handling/parsing of file formats. Connected documents explicitly list CVE-2017-8508 among Outlook/Office-related issues, showing that the bypass affects Office components when parsing certain file formats. ...

5.5CVSS5.8AI score0.03829EPSS
CVE
CVE
added 2025/02/11 5:58 p.m.102 views

CVE-2025-21259

CVE-2025-21259 is a Microsoft Outlook spoofing vulnerability. Affected product: Microsoft Outlook. Underlying issue is spoofing in the Outlook UI. CVSSv3.1 base score is 5.3 (MEDIUM) with Network attack vector, Low attack complexity, no privileges required, no user interaction, and unchanged scop...

5.3CVSS5.6AI score0.01113EPSS
Total number of security vulnerabilities120