45 matches found
CVE-2010-0816
CVE-2010-0816 is a remote code execution vulnerability affecting Microsoft Outlook Express 5.5 SP2, 6, 6 SP1; Windows Live Mail on Windows XP SP2/SP3, Vista SP1/SP2, Windows Server 2008 (Gold, SP2, R2), and Windows 7; and Windows Mail on Vista SP1/SP2, Server 2008 (Gold, SP2, R2), and Windows 7. ...
CVE-2002-0862
CVE-2002-0862 concerns the CryptoAPI in Microsoft products (Windows 98 through XP; Office for Mac; IE for Mac; Outlook Express for Mac). The issue: the CertGetCertificateChain, CertVerifyCertificateChainPolicy, and WinVerifyTrust APIs fail to properly verify the Basic Constraints of intermediate ...
CVE-2010-3147
CVE-2010-3147 describes an untrusted search path vulnerability in Windows Address Book (wab.exe) where a Trojan horse wab32res.dll loaded from the current working directory can execute code. Affected: WAB/Windows Contacts components on Windows XP SP2/XP SP3, Server 2003 SP2, Vista SP1/SP2, Server...
CVE-2008-1448
Technical details for CVE-2008-1448 are not provided in the connected documents. Public details are limited to related CVEs; monitor for updates.
CVE-2002-0152
The CVE-2002-0152 entry concerns a buffer overflow in Macintosh builds of several Microsoft applications. The vulnerability is triggered by the file:// directive when a large number of slashes (/) is supplied, allowing remote attackers to crash the affected applications or potentially execute arb...
CVE-2004-0526
Unknown versions of Internet Explorer and Outlook are affected by a phishing-related vulnerability that allows remote attackers to spoof a legitimate URL in the status bar. The issue arises from crafting A HREF tags with modified alt values pointing to the legitimate site, combined with an image ...
CVE-1999-1016
CVE-1999-1016 concerns the Microsoft HTML control used in Internet Explorer 5.0, FrontPage Express, Outlook Express 5, and Eudora. The vulnerability allows a remote attacker (via a malicious web site or HTML email) to trigger a denial of service by crafting large HTML form fields (e.g., text inpu...
CVE-2001-1325
CVE-2001-1325 affects Internet Explorer 5.0/5.5 and Outlook Express 5.0/5.5. The vulnerability allows remote script execution when Active Scripting is disabled if scripts are embedded in XML stylesheets (XSL) loaded via an IFRAME, potentially tied to Windows Scripting Host (WSH). OpenVAS findings...
CVE-2000-0567
The CVE-2000-0567 issue affects Microsoft Outlook and Outlook Express through a vulnerable Date header in emails. The root cause is a buffer overflow that can be triggered remotely by processing a crafted email, allowing arbitrary commands to execute on affected systems. The vulnerability is cate...
CVE-2007-2227
CVE-2007-2227 describes information disclosure in the MHTML protocol handler used by Outlook Express 6 and Windows Mail, which processes MHTML contents via Internet Explorer and ignores the Content-Disposition header. The vulnerability enables an attacker to obtain sensitive data from other IE do...
CVE-2005-1213
Microsoft Outlook Express NNTP LIST buffer overflow (CVE-2005-1213) affects MSOE.DLL in Outlook Express 5.5 SP2, 6 and 6 SP1. A crafted LIST response with a long second field allows a remote attacker to execute arbitrary code via the NNTP channel. The vulnerability arises from a stack-based buffe...
CVE-2001-1088
Affected products: Microsoft Outlook 8.5 and earlier; Outlook Express 5 and earlier. Vulnerability: When the option “Automatically put people I reply to in my address book” is enabled, the client does not notify the user if the reply-to address differs from the from address, enabling a remote att...
CVE-2003-0300
CVE-2003-0300 concerns the IMAP Client for Sylpheed 0.8.11. A remote IMAP server can trigger a denial-of-service (crash) by sending certain large literal size values that lead to signedness errors or integer overflow in the client. The available sources describe the vulnerability as a DoS conditi...
CVE-2006-0014
The CVE-2006-0014 entry maps to Microsoft Outlook Express (OE) using the Windows Address Book (.wab) file. The underlying flaw is an unchecked buffer/heap corruption caused by parsing malformed .wab files, specifically due to modifications of Unicode string lengths during WAB parsing. This can al...
CVE-2007-4040
Technical details for CVE-2007-4040 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.
CVE-2007-2225
CVE-2007-2225 involves a cross-domain information disclosure in the MHTML URI handler used by Outlook Express 6 and Windows Mail (on Windows Vista). The vulnerability arises when the MHTML protocol handler processes HTTP headers, causing IE to bypass domain restrictions and potentially disclose d...
CVE-2007-3897
CVE-2007-3897 corresponds to a heap-based buffer overflow in the NNTP handling of Microsoft Outlook Express (versions up to 6) and Windows Mail (Vista). The vulnerability arises when processing NNTP replies that return more data than requested, allowing attacker-controlled data to overflow the al...
CVE-2002-0285
Outlook Express 5.5 and 6.0 on Windows is affected. A CR in a message header is treated as a valid CR/LF, allowing header splitting that can bypass virus protection and other filters by sending a mail message whose headers contain only the CR, which causes Outlook to create separate headers. Root...
CVE-1999-1164
Microsoft Outlook client is affected by CVE-1999-1164, where processing multiple email messages with identical X-UIDL headers can cause the application to hang, resulting in a denial of service. The available documents confirm the DoS impact but do not provide concrete remediation steps or patche...
CVE-2000-0621
The CVE-2000-0621 issue affects Microsoft Outlook 98/2000 and Outlook Express 4.0x/5.0x. A malformed HTML message can cause files to be stored outside the local cache, placing them under the Local Computer Zone instead of the Internet Zone. This bypasses the intended security boundaries and can b...
CVE-2004-0215
CVE-2004-0215 describes a denial-of-service vulnerability in Microsoft Outlook Express 5.5 SP2 and Outlook Express 6 (including SP1 and 64‑bit/Windows Server 2003 variants) where a specially crafted or malformed e-mail header could crash the application. The issue is documented in MS04-018 (CAN-2...
CVE-2006-2111
CVE-2006-2111 describes an information disclosure flaw in the Windows MHTML URL handler used by Outlook Express/Windows Mail. The vulnerability arises because the MHTML protocol handler misinterprets redirections (MHTML://) and could allow a remote attacker to bypass Internet Explorer domain rest...
CVE-2000-0329
The CVE concerns a Microsoft ActiveX control vulnerability in the Active Setup Control that allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML email. Affected component is an ActiveX control; impact is remote code execution with partia...
CVE-2004-0380
The CVE-2004-0380 issue affects the MHTML URL Processing Vulnerability in Microsoft Outlook Express 5.5 SP2 through 6 SP1, rooted in the MHTML/ITS handling and cross-domain logic. A remote attacker could cause HTML/CHM content to execute arbitrary code in the Local Machine Zone by exploiting ITS,...
CVE-2001-0145
CVE-2001-0145 affects Outlook 2000/98 and Outlook Express 5.x, where a buffer overflow in the VCard handler can be triggered by a malformed vCard birthday field, allowing an attacker to execute arbitrary commands. The root cause described is a faulty VCard birthday parsing leading to memory corru...
CVE-2000-0105
The CVE concerns Outlook Express 5.01 and Internet Explorer 5.01. A remote attacker can view a user’s email messages through a script that accesses a variable referencing subsequent messages read by the client. The explicit root cause is a scripting reference that exposes subsequent messages to a...
CVE-2000-0415
Outlook Express 4.x is affected by a buffer overflow triggered by mail/news messages with a .jpg or .bmp attachment having a long filename. The vulnerability is reported to allow denial of service. The connected documents corroborate the issue as described for Outlook Express 4.x; no specific exp...
CVE-2000-0653
Technical details (affected products, versions, root cause, or exploit specifics) are not publicly provided in the supplied documents. Monitor for updates.
CVE-2001-0322
CVE-2001-0322 concerns MSHTML.DLL HTML parser in Internet Explorer 4.0 and newer, where a script that creates and deletes an object tied to the browser window object can trigger a denial of service (application crash). The vulnerability is described as remote, with impact limited to availability ...
CVE-2002-2164
CVE-2002-2164 describes a buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 that allows remote attackers to cause a denial of service by sending a long link. The connected sources (Red Hat, CVE listings, and NVD) corroborate a vulnerability in handling abnormally long link reference...
CVE-1999-0967
CVE-1999-0967 describes a buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource protocol. The connected PT-1997-1176 entry reiterates a buffer overflow in the HTML library with affected software and recommends updating to ...
CVE-2000-0036
CVE-2000-0036 involves Outlook Express 5 for Macintosh, where HTML mail can cause attachments to be downloaded without prompting the user. The description identifies the issue as the “HTML Mail Attachment” vulnerability, but the connected documents do not provide technical specifics such as affec...
CVE-2001-0999
CVE-2001-0999 concerns Outlook Express 6.00, where remote attackers could cause arbitrary script execution by embedding SCRIPT tags in a message with MIME type text/plain. This contradicts the expected behavior that text/plain messages do not run scripts. The available references (NVD, CVE List) ...
CVE-2002-1179
Buffer overflow in the S/MIME Parsing capability of Microsoft Outlook Express 5.5 and 6.0 is triggered when a user views or previews a digitally signed email with a long From address, allowing potential remote code execution. The root cause is an overflow in the S/MIME parsing path, leading to ar...
CVE-2003-1378
Technical details for CVE-2003-1378 are not publicly available in the provided documents. Monitor for updates from vendors and security bulletins for affected products and fixes.
CVE-2008-5424
Technical details for CVE-2008-5424 are not publicly available in the provided documents. Monitor for updates.
CVE-2006-2386
CVE-2006-2386 is an unspecified remote code execution vulnerability affecting Microsoft Outlook Express 6 and earlier, exploitable via a crafted Windows Address Book (.wab) file. Technical details in connected docs indicate the root cause is a buffer/validation issue in Windows Address Book (WAB)...
CVE-2001-0945
CVE-2001-0945 describes a buffer overflow in Outlook Express 5.0–5.02 for Macintosh triggered by an email message containing a long line, allowing remote attackers to cause a denial of service. The underlying issue is a buffer overflow in handling long lines; impact is a denial of service with pa...
CVE-2003-0301
CVE-2003-0301 concerns the IMAP Client for Outlook Express 6.00.2800.1106. The issue is triggered by certain large literal size values that cause integer signedness or integer overflow errors during parsing, enabling remote servers to induce a denial of service (crash). The public sources in the ...
CVE-2002-2202
Affected software: Outlook Express 6.0. Issue: The product does not delete messages from DBX mailbox files when a user empties the Deleted Items folder, allowing local users to read other users’ email. Evidence: Descriptions in Red Hat and NVD/JST documents corroborate this behavior. Impact: Loca...
CVE-2004-2694
CVE-2004-2694 affects Microsoft Outlook Express 6.0. The vulnerability allows remote attackers to bypass access restrictions and load content from arbitrary sources into the Outlook context via a BASE HREF with target set to _top, enabling phishing-like content injection. This is described across...
CVE-1999-1033
Affected product: Microsoft Outlook Express prior to 4.72.3612.1700. Root cause: parsing of a message containing .. can cause Outlook to re-enter POP3 command mode. Impact: POP3 session hang (partial availability). Evidence: description and records in CVE-1999-1033 family. Remediation: apply patc...
CVE-2005-2226
CVE-2005-2226 affects Microsoft Outlook Express 6.0. The issue leaks the default news server account when a user responds to a “watched” conversation thread, potentially allowing remote attackers to obtain sensitive information. The Red Hat and CVE listings reiterate the same description. No expl...
CVE-2001-1547
Outlook Express 6.0 vulnerability: when the setting to block potentially virus-laden attachments is enabled, forwarded messages may bypass this and allow remote code execution. Affected component is attachments handling in forwarded email. The provided documents state the issue but do not specify...
CVE-2004-2137
The CVE-2004-2137 issue affects Outlook Express 6.0 when users send multipart e-mail messages with the setting to “Break apart messages larger than.” The vulnerability is that BCC recipients are leaked to To/CC addresses during this process, potentially exposing sensitive contact information. The...