Outlook Express Security Vulnerabilities and Issues — Outlook Express CVE List

Lucene search

MicrosoftOutlook Express

20 matches found

CVE•added 2004/08/06 4:0 a.m.•62 views

CVE-2004-0526

Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attac...

5CVSS7AI score0.51338EPSS

CVE•added 2000/10/13 4:0 a.m.•54 views

CVE-2000-0567

Buffer overflow in Microsoft Outlook and Outlook Express allows remote attackers to execute arbitrary commands via a long Date field in an email header, aka the "Malformed E-mail Header" vulnerability.

5CVSS8.1AI score0.19902EPSS

CVE•added 2001/09/12 4:0 a.m.•49 views

CVE-1999-1016

Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as text inputs in a tab...

5CVSS7.4AI score0.08651EPSS

CVE•added 2000/06/02 4:0 a.m.•49 views

CVE-2000-0329

A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability.

5.1CVSS7AI score0.08048EPSS

CVE•added 2003/06/16 4:0 a.m.•49 views

CVE-2003-0300

The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.

5CVSS7.3AI score0.00845EPSS

CVE•added 2001/09/12 4:0 a.m.•47 views

CVE-1999-1164

Microsoft Outlook client allows remote attackers to cause a denial of service by sending multiple email messages with the same X-UIDL headers, which causes Outlook to hang.

5CVSS7AI score0.06904EPSS

CVE•added 2004/08/06 4:0 a.m.•47 views

CVE-2004-0215

Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header.

5CVSS6.4AI score0.44462EPSS

CVE•added 2000/02/08 5:0 a.m.•46 views

CVE-2000-0105

Outlook Express 5.01 and Internet Explorer 5.01 allow remote attackers to view a user's email messages via a script that accesses a variable that references subsequent email messages that are read by the client.

5CVSS6.9AI score0.57548EPSS

CVE•added 2001/06/02 4:0 a.m.•45 views

CVE-2001-0322

MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, allows remote attackers to cause a denial of service (application crash) via a script that creates and deletes an object that is associated with the browser window object.

5CVSS6.8AI score0.13452EPSS

CVE•added 2000/08/03 4:0 a.m.•43 views

CVE-2000-0653

Microsoft Outlook Express allows remote attackers to monitor a user's email by creating a persistent browser link to the Outlook Express windows, aka the "Persistent Mail-Browser Link" vulnerability.

5CVSS7AI score0.50286EPSS

CVE•added 2000/03/22 5:0 a.m.•42 views

CVE-2000-0036

Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability.

5CVSS6.8AI score0.19714EPSS

CVE•added 2006/04/12 12:2 a.m.•42 views

CVE-2006-0014

Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values.

5.1CVSS7.5AI score0.41401EPSS

CVE•added 2002/02/02 5:0 a.m.•41 views

CVE-2001-0945

Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh allows remote attackers to cause a denial of service via an e-mail message that contains a long line.

5CVSS7.3AI score0.17849EPSS

CVE•added 2005/11/16 9:17 p.m.•41 views

CVE-2002-2164

Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (crash) via a long link.

5CVSS7.2AI score0.30063EPSS

CVE•added 2000/06/15 4:0 a.m.•40 views

CVE-2000-0415

Buffer overflow in Outlook Express 4.x allows attackers to cause a denial of service via a mail or news message that has a .jpg or .bmp attachment with a long file name.

5CVSS7.1AI score0.11722EPSS

CVE•added 2003/06/16 4:0 a.m.•38 views

CVE-2003-0301

The IMAP Client for Outlook Express 6.00.2800.1106 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.

5CVSS7.3AI score0.04278EPSS

CVE•added 2007/10/06 8:0 p.m.•34 views

CVE-2004-2694

Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to "_top".

5.8CVSS7.1AI score0.17268EPSS

CVE•added 2001/09/12 4:0 a.m.•33 views

CVE-1999-1033

Microsoft Outlook Express before 4.72.3612.1700 allows a malicious user to send a message that contains a .., which can inadvertently cause Outlook to re-enter POP3 command mode and cause the POP3 session to hang.

5CVSS7AI score0.08757EPSS

CVE•added 2005/07/12 4:0 a.m.•33 views

CVE-2005-2226

Microsoft Outlook Express 6.0 leaks the default news server account when a user responds to a "watched" conversation thread, which could allow remote attackers to obtain sensitive information.

5CVSS6.4AI score0.35365EPSS

CVE•added 2005/06/14 4:0 a.m.•30 views

CVE-2004-2137

Outlook Express 6.0, when sending multipart e-mail messages using the "Break apart messages larger than" setting, leaks the BCC recipients of the message to the addresses listed in the To and CC fields, which may allow remote attackers to obtain sensitive information.

5CVSS6.9AI score0.33173EPSS