Lucene search
K
MicrosoftOutlook Express

45 matches found

CVE
CVE
added 2010/05/12 1:0 a.m.137 views

CVE-2010-0816

CVE-2010-0816 is a remote code execution vulnerability affecting Microsoft Outlook Express 5.5 SP2, 6, 6 SP1; Windows Live Mail on Windows XP SP2/SP3, Vista SP1/SP2, Windows Server 2008 (Gold, SP2, R2), and Windows 7; and Windows Mail on Vista SP1/SP2, Server 2008 (Gold, SP2, R2), and Windows 7. ...

9.3CVSS7.6AI score0.20325EPSS
CVE
CVE
added 2002/09/10 4:0 a.m.108 views

CVE-2002-0862

CVE-2002-0862 concerns the CryptoAPI in Microsoft products (Windows 98 through XP; Office for Mac; IE for Mac; Outlook Express for Mac). The issue: the CertGetCertificateChain, CertVerifyCertificateChainPolicy, and WinVerifyTrust APIs fail to properly verify the Basic Constraints of intermediate ...

6.8CVSS6.3AI score0.18675EPSS
CVE
CVE
added 2010/08/27 6:10 p.m.87 views

CVE-2010-3147

CVE-2010-3147 describes an untrusted search path vulnerability in Windows Address Book (wab.exe) where a Trojan horse wab32res.dll loaded from the current working directory can execute code. Affected: WAB/Windows Contacts components on Windows XP SP2/XP SP3, Server 2003 SP2, Vista SP1/SP2, Server...

9.3CVSS6.3AI score0.18675EPSS
CVE
CVE
added 2008/08/13 12:0 a.m.83 views

CVE-2008-1448

Technical details for CVE-2008-1448 are not provided in the connected documents. Public details are limited to related CVEs; monitor for updates.

7.1CVSS6.2AI score0.2663EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.78 views

CVE-2002-0152

The CVE-2002-0152 entry concerns a buffer overflow in Macintosh builds of several Microsoft applications. The vulnerability is triggered by the file:// directive when a large number of slashes (/) is supplied, allowing remote attackers to crash the affected applications or potentially execute arb...

7.5CVSS8.3AI score0.1737EPSS
CVE
CVE
added 2004/06/08 4:0 a.m.75 views

CVE-2004-0526

Unknown versions of Internet Explorer and Outlook are affected by a phishing-related vulnerability that allows remote attackers to spoof a legitimate URL in the status bar. The issue arises from crafting A HREF tags with modified alt values pointing to the legitimate site, combined with an image ...

5CVSS7AI score0.17249EPSS
CVE
CVE
added 2001/09/12 4:0 a.m.71 views

CVE-1999-1016

CVE-1999-1016 concerns the Microsoft HTML control used in Internet Explorer 5.0, FrontPage Express, Outlook Express 5, and Eudora. The vulnerability allows a remote attacker (via a malicious web site or HTML email) to trigger a denial of service by crafting large HTML form fields (e.g., text inpu...

5CVSS7.4AI score0.07702EPSS
CVE
CVE
added 2002/05/03 4:0 a.m.71 views

CVE-2001-1325

CVE-2001-1325 affects Internet Explorer 5.0/5.5 and Outlook Express 5.0/5.5. The vulnerability allows remote script execution when Active Scripting is disabled if scripts are embedded in XML stylesheets (XSL) loaded via an IFRAME, potentially tied to Windows Scripting Host (WSH). OpenVAS findings...

7.5CVSS7.6AI score0.27292EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.67 views

CVE-2000-0567

The CVE-2000-0567 issue affects Microsoft Outlook and Outlook Express through a vulnerable Date header in emails. The root cause is a buffer overflow that can be triggered remotely by processing a crafted email, allowing arbitrary commands to execute on affected systems. The vulnerability is cate...

5CVSS8.1AI score0.32329EPSS
CVE
CVE
added 2007/06/12 9:0 p.m.67 views

CVE-2007-2227

CVE-2007-2227 describes information disclosure in the MHTML protocol handler used by Outlook Express 6 and Windows Mail, which processes MHTML contents via Internet Explorer and ignores the Content-Disposition header. The vulnerability enables an attacker to obtain sensitive data from other IE do...

4.3CVSS5.7AI score0.2504EPSS
CVE
CVE
added 2005/06/14 4:0 a.m.66 views

CVE-2005-1213

Microsoft Outlook Express NNTP LIST buffer overflow (CVE-2005-1213) affects MSOE.DLL in Outlook Express 5.5 SP2, 6 and 6 SP1. A crafted LIST response with a long second field allows a remote attacker to execute arbitrary code via the NNTP channel. The vulnerability arises from a stack-based buffe...

7.5CVSS7.6AI score0.73961EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.65 views

CVE-2001-1088

Affected products: Microsoft Outlook 8.5 and earlier; Outlook Express 5 and earlier. Vulnerability: When the option “Automatically put people I reply to in my address book” is enabled, the client does not notify the user if the reply-to address differs from the from address, enabling a remote att...

7.5CVSS6.9AI score0.19711EPSS
CVE
CVE
added 2003/05/15 4:0 a.m.64 views

CVE-2003-0300

CVE-2003-0300 concerns the IMAP Client for Sylpheed 0.8.11. A remote IMAP server can trigger a denial-of-service (crash) by sending certain large literal size values that lead to signedness errors or integer overflow in the client. The available sources describe the vulnerability as a DoS conditi...

5CVSS7.3AI score0.03359EPSS
CVE
CVE
added 2006/04/12 12:0 a.m.64 views

CVE-2006-0014

The CVE-2006-0014 entry maps to Microsoft Outlook Express (OE) using the Windows Address Book (.wab) file. The underlying flaw is an unchecked buffer/heap corruption caused by parsing malformed .wab files, specifically due to modifications of Unicode string lengths during WAB parsing. This can al...

5.1CVSS7.5AI score0.23875EPSS
CVE
CVE
added 2007/07/27 10:0 p.m.64 views

CVE-2007-4040

Technical details for CVE-2007-4040 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.

8.8CVSS8.1AI score0.13472EPSS
CVE
CVE
added 2007/06/12 8:0 p.m.63 views

CVE-2007-2225

CVE-2007-2225 involves a cross-domain information disclosure in the MHTML URI handler used by Outlook Express 6 and Windows Mail (on Windows Vista). The vulnerability arises when the MHTML protocol handler processes HTTP headers, causing IE to bypass domain restrictions and potentially disclose d...

4.3CVSS5.7AI score0.2504EPSS
CVE
CVE
added 2007/10/09 10:0 p.m.63 views

CVE-2007-3897

CVE-2007-3897 corresponds to a heap-based buffer overflow in the NNTP handling of Microsoft Outlook Express (versions up to 6) and Windows Mail (Vista). The vulnerability arises when processing NNTP replies that return more data than requested, allowing attacker-controlled data to overflow the al...

9.3CVSS7.8AI score0.54631EPSS
CVE
CVE
added 2002/05/03 4:0 a.m.62 views

CVE-2002-0285

Outlook Express 5.5 and 6.0 on Windows is affected. A CR in a message header is treated as a valid CR/LF, allowing header splitting that can bypass virus protection and other filters by sending a mail message whose headers contain only the CR, which causes Outlook to create separate headers. Root...

7.5CVSS7.1AI score0.12316EPSS
CVE
CVE
added 2001/09/12 4:0 a.m.61 views

CVE-1999-1164

Microsoft Outlook client is affected by CVE-1999-1164, where processing multiple email messages with identical X-UIDL headers can cause the application to hang, resulting in a denial of service. The available documents confirm the DoS impact but do not provide concrete remediation steps or patche...

5CVSS7AI score0.13332EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.61 views

CVE-2000-0621

The CVE-2000-0621 issue affects Microsoft Outlook 98/2000 and Outlook Express 4.0x/5.0x. A malformed HTML message can cause files to be stored outside the local cache, placing them under the Local Computer Zone instead of the Internet Zone. This bypasses the intended security boundaries and can b...

7.5CVSS6.4AI score0.22312EPSS
CVE
CVE
added 2004/07/14 4:0 a.m.61 views

CVE-2004-0215

CVE-2004-0215 describes a denial-of-service vulnerability in Microsoft Outlook Express 5.5 SP2 and Outlook Express 6 (including SP1 and 64‑bit/Windows Server 2003 variants) where a specially crafted or malformed e-mail header could crash the application. The issue is documented in MS04-018 (CAN-2...

5CVSS6.4AI score0.15634EPSS
CVE
CVE
added 2006/05/01 7:0 p.m.61 views

CVE-2006-2111

CVE-2006-2111 describes an information disclosure flaw in the Windows MHTML URL handler used by Outlook Express/Windows Mail. The vulnerability arises because the MHTML protocol handler misinterprets redirections (MHTML://) and could allow a remote attacker to bypass Internet Explorer domain rest...

4.3CVSS5.9AI score0.4031EPSS
CVE
CVE
added 2000/06/02 4:0 a.m.59 views

CVE-2000-0329

The CVE concerns a Microsoft ActiveX control vulnerability in the Active Setup Control that allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML email. Affected component is an ActiveX control; impact is remote code execution with partia...

5.1CVSS7AI score0.07687EPSS
CVE
CVE
added 2004/04/06 4:0 a.m.59 views

CVE-2004-0380

The CVE-2004-0380 issue affects the MHTML URL Processing Vulnerability in Microsoft Outlook Express 5.5 SP2 through 6 SP1, rooted in the MHTML/ITS handling and cross-domain logic. A remote attacker could cause HTML/CHM content to execute arbitrary code in the Local Machine Zone by exploiting ITS,...

10CVSS7.1AI score0.6325EPSS
CVE
CVE
added 2001/04/04 4:0 a.m.58 views

CVE-2001-0145

CVE-2001-0145 affects Outlook 2000/98 and Outlook Express 5.x, where a buffer overflow in the VCard handler can be triggered by a malformed vCard birthday field, allowing an attacker to execute arbitrary commands. The root cause described is a faulty VCard birthday parsing leading to memory corru...

7.5CVSS8AI score0.06699EPSS
CVE
CVE
added 2000/02/08 5:0 a.m.57 views

CVE-2000-0105

The CVE concerns Outlook Express 5.01 and Internet Explorer 5.01. A remote attacker can view a user’s email messages through a script that accesses a variable referencing subsequent messages read by the client. The explicit root cause is a scripting reference that exposes subsequent messages to a...

5CVSS6.9AI score0.20653EPSS
CVE
CVE
added 2000/06/15 4:0 a.m.56 views

CVE-2000-0415

Outlook Express 4.x is affected by a buffer overflow triggered by mail/news messages with a .jpg or .bmp attachment having a long filename. The vulnerability is reported to allow denial of service. The connected documents corroborate the issue as described for Outlook Express 4.x; no specific exp...

5CVSS7.1AI score0.06057EPSS
CVE
CVE
added 2000/08/03 4:0 a.m.56 views

CVE-2000-0653

Technical details (affected products, versions, root cause, or exploit specifics) are not publicly provided in the supplied documents. Monitor for updates.

5CVSS7AI score0.27087EPSS
CVE
CVE
added 2001/04/04 4:0 a.m.55 views

CVE-2001-0322

CVE-2001-0322 concerns MSHTML.DLL HTML parser in Internet Explorer 4.0 and newer, where a script that creates and deletes an object tied to the browser window object can trigger a denial of service (application crash). The vulnerability is described as remote, with impact limited to availability ...

5CVSS6.8AI score0.20953EPSS
CVE
CVE
added 2005/11/16 9:17 p.m.55 views

CVE-2002-2164

CVE-2002-2164 describes a buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 that allows remote attackers to cause a denial of service by sending a long link. The connected sources (Red Hat, CVE listings, and NVD) corroborate a vulnerability in handling abnormally long link reference...

5CVSS7.2AI score0.21911EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.54 views

CVE-1999-0967

CVE-1999-0967 describes a buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource protocol. The connected PT-1997-1176 entry reiterates a buffer overflow in the HTML library with affected software and recommends updating to ...

10CVSS7.5AI score0.06959EPSS
CVE
CVE
added 2000/03/22 5:0 a.m.54 views

CVE-2000-0036

CVE-2000-0036 involves Outlook Express 5 for Macintosh, where HTML mail can cause attachments to be downloaded without prompting the user. The description identifies the issue as the “HTML Mail Attachment” vulnerability, but the connected documents do not provide technical specifics such as affec...

5CVSS6.8AI score0.03922EPSS
CVE
CVE
added 2002/02/02 5:0 a.m.54 views

CVE-2001-0999

CVE-2001-0999 concerns Outlook Express 6.00, where remote attackers could cause arbitrary script execution by embedding SCRIPT tags in a message with MIME type text/plain. This contradicts the expected behavior that text/plain messages do not run scripts. The available references (NVD, CVE List) ...

7.5CVSS7.7AI score0.12292EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.54 views

CVE-2002-1179

Buffer overflow in the S/MIME Parsing capability of Microsoft Outlook Express 5.5 and 6.0 is triggered when a user views or previews a digitally signed email with a long From address, allowing potential remote code execution. The root cause is an overflow in the S/MIME parsing path, leading to ar...

7.5CVSS8.2AI score0.2022EPSS
CVE
CVE
added 2007/10/19 10:0 a.m.54 views

CVE-2003-1378

Technical details for CVE-2003-1378 are not publicly available in the provided documents. Monitor for updates from vendors and security bulletins for affected products and fixes.

8.8CVSS7.3AI score0.15583EPSS
CVE
CVE
added 2008/12/11 3:0 p.m.54 views

CVE-2008-5424

Technical details for CVE-2008-5424 are not publicly available in the provided documents. Monitor for updates.

4.3CVSS7.3AI score0.12258EPSS
CVE
CVE
added 2006/12/13 1:0 a.m.53 views

CVE-2006-2386

CVE-2006-2386 is an unspecified remote code execution vulnerability affecting Microsoft Outlook Express 6 and earlier, exploitable via a crafted Windows Address Book (.wab) file. Technical details in connected docs indicate the root cause is a buffer/validation issue in Windows Address Book (WAB)...

6.8CVSS7.4AI score0.28727EPSS
CVE
CVE
added 2002/02/02 5:0 a.m.52 views

CVE-2001-0945

CVE-2001-0945 describes a buffer overflow in Outlook Express 5.0–5.02 for Macintosh triggered by an email message containing a long line, allowing remote attackers to cause a denial of service. The underlying issue is a buffer overflow in handling long lines; impact is a denial of service with pa...

5CVSS7.3AI score0.19788EPSS
CVE
CVE
added 2003/05/15 4:0 a.m.52 views

CVE-2003-0301

CVE-2003-0301 concerns the IMAP Client for Outlook Express 6.00.2800.1106. The issue is triggered by certain large literal size values that cause integer signedness or integer overflow errors during parsing, enabling remote servers to induce a denial of service (crash). The public sources in the ...

5CVSS7.3AI score0.05978EPSS
CVE
CVE
added 2005/11/16 9:17 p.m.47 views

CVE-2002-2202

Affected software: Outlook Express 6.0. Issue: The product does not delete messages from DBX mailbox files when a user empties the Deleted Items folder, allowing local users to read other users’ email. Evidence: Descriptions in Red Hat and NVD/JST documents corroborate this behavior. Impact: Loca...

3.8CVSS6.5AI score0.01295EPSS
CVE
CVE
added 2007/10/06 8:0 p.m.47 views

CVE-2004-2694

CVE-2004-2694 affects Microsoft Outlook Express 6.0. The vulnerability allows remote attackers to bypass access restrictions and load content from arbitrary sources into the Outlook context via a BASE HREF with target set to _top, enabling phishing-like content injection. This is described across...

5.8CVSS7.1AI score0.08558EPSS
CVE
CVE
added 2001/09/12 4:0 a.m.46 views

CVE-1999-1033

Affected product: Microsoft Outlook Express prior to 4.72.3612.1700. Root cause: parsing of a message containing .. can cause Outlook to re-enter POP3 command mode. Impact: POP3 session hang (partial availability). Evidence: description and records in CVE-1999-1033 family. Remediation: apply patc...

5CVSS7AI score0.17503EPSS
CVE
CVE
added 2005/07/12 4:0 a.m.45 views

CVE-2005-2226

CVE-2005-2226 affects Microsoft Outlook Express 6.0. The issue leaks the default news server account when a user responds to a “watched” conversation thread, potentially allowing remote attackers to obtain sensitive information. The Red Hat and CVE listings reiterate the same description. No expl...

5CVSS6.4AI score0.13389EPSS
CVE
CVE
added 2005/07/14 4:0 a.m.44 views

CVE-2001-1547

Outlook Express 6.0 vulnerability: when the setting to block potentially virus-laden attachments is enabled, forwarded messages may bypass this and allow remote code execution. Affected component is attachments handling in forwarded email. The provided documents state the issue but do not specify...

7.5CVSS7.8AI score0.13737EPSS
CVE
CVE
added 2005/06/14 4:0 a.m.42 views

CVE-2004-2137

The CVE-2004-2137 issue affects Outlook Express 6.0 when users send multipart e-mail messages with the setting to “Break apart messages larger than.” The vulnerability is that BCC recipients are leaked to To/CC addresses during this process, potentially exposing sensitive contact information. The...

5CVSS6.9AI score0.26142EPSS