Outlook@* Security Vulnerabilities and Issues — Outlook@* CVE List

An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisib...

6.5CVSS5.3AI score0.07824EPSS

CVE•added 2024/04/09 5:15 p.m.•198 views

CVE-2024-20670

Outlook for Windows Spoofing Vulnerability

8.1CVSS8AI score0.03834EPSS

CVE•added 2021/06/08 11:15 p.m.•177 views

CVE-2021-31941

Microsoft Office Graphics Remote Code Execution Vulnerability

7.8CVSS7.6AI score0.03164EPSS

CVE•added 2023/06/14 12:15 a.m.•168 views

CVE-2023-33131

Microsoft Outlook Remote Code Execution Vulnerability

8.8CVSS8.7AI score0.02618EPSS

CVE•added 2020/04/15 3:15 p.m.•166 views

CVE-2020-0760

A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991.

8.8CVSS8.5AI score0.34566EPSS

CVE•added 2023/06/01 2:15 a.m.•166 views

CVE-2022-35742

Microsoft Outlook Denial of Service Vulnerability

7.5CVSS7.3AI score0.06007EPSS

CVE•added 2021/06/08 11:15 p.m.•157 views

CVE-2021-31949

Microsoft Outlook Remote Code Execution Vulnerability

7.8CVSS7.2AI score0.00435EPSS

CVE•added 2022/02/09 5:15 p.m.•137 views

CVE-2022-23280

Microsoft Outlook for Mac Security Feature Bypass Vulnerability

5.3CVSS6AI score0.05399EPSS

CVE•added 2024/07/09 5:15 p.m.•132 views

CVE-2024-38020

Microsoft Outlook Spoofing Vulnerability

6.5CVSS6.8AI score0.00661EPSS

CVE•added 2023/08/08 6:15 p.m.•130 views

CVE-2023-36893

Microsoft Outlook Spoofing Vulnerability

6.5CVSS6.5AI score0.0084EPSS

CVE•added 2020/07/14 11:15 p.m.•129 views

CVE-2020-1349

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka 'Microsoft Outlook Remote Code Execution Vulnerability'.

7.8CVSS7.9AI score0.44783EPSS

CVE•added 2025/01/14 6:16 p.m.•128 views

CVE-2025-21357

Microsoft Outlook Remote Code Execution Vulnerability

6.7CVSS6.7AI score0.00106EPSS

CVE•added 2024/06/11 5:15 p.m.•125 views

CVE-2024-30103

Microsoft Outlook Remote Code Execution Vulnerability

8.8CVSS8.9AI score0.15301EPSS

CVE•added 2023/07/11 6:15 p.m.•102 views

CVE-2023-33151

Microsoft Outlook Spoofing Vulnerability

6.5CVSS6.8AI score0.00543EPSS

CVE•added 2019/01/08 9:29 p.m.•94 views

CVE-2019-0559

An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook.

6.5CVSS5.9AI score0.25751EPSS

CVE•added 2025/04/08 6:16 p.m.•93 views

CVE-2025-29805

Exposure of sensitive information to an unauthorized actor in Outlook for Android allows an unauthorized attacker to disclose information over a network.

7.5CVSS6.5AI score0.00109EPSS

CVE•added 2020/02/11 10:15 p.m.•91 views

CVE-2020-0696

A security feature bypass vulnerability exists in Microsoft Outlook software when it improperly handles the parsing of URI formats, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'.

6.5CVSS6.4AI score0.06593EPSS

CVE•added 2024/08/13 6:15 p.m.•91 views

CVE-2024-38173

Microsoft Outlook Remote Code Execution Vulnerability

6.7CVSS6.7AI score0.01084EPSS

CVE•added 2018/11/14 1:29 a.m.•90 views

CVE-2018-8582

A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CV...

9.3CVSS8.3AI score0.17365EPSS

CVE•added 2018/12/12 12:29 a.m.•88 views

CVE-2018-8587

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook.

9.3CVSS6.1AI score0.46569EPSS

CVE•added 2018/06/14 12:29 p.m.•83 views

CVE-2018-8244

An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka "Microsoft Outlook Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Outlook.

6.5CVSS6.4AI score0.1023EPSS

CVE•added 2018/11/14 1:29 a.m.•82 views

CVE-2018-8522

9.3CVSS8.3AI score0.17365EPSS

CVE•added 2019/07/29 2:15 p.m.•82 views

CVE-2019-1105

A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim.The attacker who successfully exploited this vulnerability...

5.4CVSS5AI score0.00528EPSS

CVE•added 2025/02/11 6:15 p.m.•81 views

CVE-2025-21259

Microsoft Outlook Spoofing Vulnerability

5.3CVSS5.6AI score0.00127EPSS

CVE•added 2018/11/14 1:29 a.m.•79 views

CVE-2018-8524

9.3CVSS8.3AI score0.17365EPSS

CVE•added 2018/11/14 1:29 a.m.•72 views

CVE-2018-8576

9.3CVSS8.3AI score0.17365EPSS

CVE•added 2025/01/14 6:16 p.m.•66 views

CVE-2025-21361

Microsoft Outlook Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00152EPSS

CVE•added 2002/03/09 5:0 a.m.•64 views

CVE-2001-0538

Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.

10CVSS7.4AI score0.68321EPSS

CVE•added 2024/12/18 11:15 p.m.•64 views

CVE-2024-42220

A library injection vulnerability exists in Microsoft Outlook 16.83.3 for macOS. A specially crafted library can leverage Outlook's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use...

7.1CVSS6.9AI score0.00154EPSS

CVE•added 2000/03/22 5:0 a.m.•61 views

CVE-2000-0216

Microsoft email clients in Outlook, Exchange, and Windows Messaging automatically respond to Read Receipt and Delivery Receipt tags, which could allow an attacker to flood a mail system with responses by forging a Read Receipt request that is redirected to a large distribution list.

5CVSS6.8AI score0.13016EPSS

CVE•added 2024/10/08 6:15 p.m.•59 views

CVE-2024-43604

Outlook for Android Elevation of Privilege Vulnerability

8CVSS6.3AI score0.00325EPSS

CVE•added 2000/02/23 5:0 a.m.•48 views

CVE-2000-0160

The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft.

7.6CVSS6.9AI score0.10325EPSS

CVE•added 2007/07/27 10:30 p.m.•48 views

CVE-2007-4040

Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command l...

8.8CVSS8.1AI score0.49726EPSS

CVE•added 2024/09/10 5:15 p.m.•48 views

CVE-2024-43482

Microsoft Outlook for iOS Information Disclosure Vulnerability

6.5CVSS6.3AI score0.02098EPSS

CVE•added 2025/06/10 5:23 p.m.•48 views

CVE-2025-47171

Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally.

6.7CVSS6.6AI score0.01646EPSS

CVE•added 2006/12/20 2:28 a.m.•46 views

CVE-2006-6659

The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML.

5CVSS6.9AI score0.23391EPSS

CVE•added 2025/07/08 5:15 p.m.•15 views

CVE-2025-49699

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

7CVSS7.3AI score0.00057EPSS