Outlook Security Vulnerabilities and Issues — Page 3 of Outlook CVE List

Lucene search

MicrosoftOutlook

120 matches found

CVE•added 2024/09/10 5:15 p.m.•48 views

CVE-2024-43482

Microsoft Outlook for iOS Information Disclosure Vulnerability

6.5CVSS6.3AI score0.02098EPSS

CVE•added 2025/06/10 5:23 p.m.•48 views

CVE-2025-47171

Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally.

6.7CVSS6.6AI score0.01646EPSS

CVE•added 2001/09/12 4:0 a.m.•47 views

CVE-1999-1164

Microsoft Outlook client allows remote attackers to cause a denial of service by sending multiple email messages with the same X-UIDL headers, which causes Outlook to hang.

5CVSS7AI score0.06904EPSS

CVE•added 2007/01/09 11:0 p.m.•47 views

CVE-2006-1305

Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers.

4.3CVSS6.6AI score0.51445EPSS

CVE•added 2000/10/20 4:0 a.m.•46 views

CVE-2000-0756

Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service.

5CVSS6.8AI score0.11679EPSS

CVE•added 2006/12/20 2:28 a.m.•46 views

CVE-2006-6659

The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML.

5CVSS6.9AI score0.23391EPSS

CVE•added 2001/06/02 4:0 a.m.•45 views

CVE-2001-0322

MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, allows remote attackers to cause a denial of service (application crash) via a script that creates and deletes an object that is associated with the browser window object.

5CVSS6.8AI score0.13452EPSS

CVE•added 2002/03/09 5:0 a.m.•44 views

CVE-2000-0753

The Microsoft Outlook mail client identifies the physical path of the sender's machine within a winmail.dat attachment to Rich Text Format (RTF) files.

5CVSS6.6AI score0.18497EPSS

CVE•added 2001/05/03 4:0 a.m.•44 views

CVE-2001-0145

Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook Express 5.x, allows an attacker to execute arbitrary commands via a malformed vCard birthday field.

7.5CVSS8AI score0.09723EPSS

CVE•added 2005/08/05 4:0 a.m.•44 views

CVE-2002-2101

Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag.

7.5CVSS7.2AI score0.16945EPSS

CVE•added 2004/09/01 4:0 a.m.•44 views

CVE-2003-0007

Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure....

5CVSS6.8AI score0.04077EPSS

CVE•added 2000/10/13 4:0 a.m.•43 views

CVE-2000-0621

Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.

7.5CVSS6.4AI score0.05844EPSS

CVE•added 2002/08/12 4:0 a.m.•43 views

CVE-2002-0481

An interaction between Windows Media Player (WMP) and Outlook 2002 allows remote attackers to bypass Outlook security settings and execute Javascript via an IFRAME in an HTML email message that references .WMS (Windows Media Skin) or other WMP media files, whose onload handlers execute the player.L...

5.1CVSS7.2AI score0.06392EPSS

CVE•added 2007/10/19 10:0 a.m.•43 views

CVE-2003-1378

Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.

8.8CVSS7.3AI score0.34472EPSS

CVE•added 2005/08/05 4:0 a.m.•41 views

CVE-2002-2100

Microsoft Outlook 2002 allows remote attackers to embed bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content.

5CVSS7AI score0.0817EPSS

CVE•added 2000/06/15 4:0 a.m.•40 views

CVE-2000-0415

Buffer overflow in Outlook Express 4.x allows attackers to cause a denial of service via a mail or news message that has a .jpg or .bmp attachment with a long file name.

5CVSS7.1AI score0.11722EPSS

CVE•added 2006/04/26 8:6 p.m.•39 views

CVE-2006-2055

Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as a...

5CVSS7AI score0.24588EPSS

CVE•added 2007/01/09 11:28 p.m.•39 views

CVE-2007-0034

Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability."

9.3CVSS7.5AI score0.62591EPSS

CVE•added 2004/09/01 4:0 a.m.•37 views

CVE-2002-1255

Microsoft Outlook 2002 allows remote attackers to cause a denial of service (repeated failure) via an email message with a certain invalid header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail."

5CVSS7.1AI score0.14022EPSS

CVE•added 2025/07/08 5:15 p.m.•17 views

CVE-2025-49699

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

7CVSS7.3AI score0.00057EPSS

Total number of security vulnerabilities120