Outlook@2016 Security Vulnerabilities and Issues — Outlook@2016 CVE List

Lucene search

MicrosoftOutlook2016

52 matches found

CVE•added 2023/03/14 5:15 p.m.•1742 views

CVE-2023-23397

Microsoft Outlook Elevation of Privilege Vulnerability

9.8CVSS8.3AI score0.93606EPSS

CVE•added 2017/10/13 1:29 p.m.•1094 views

CVE-2017-11774

Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability."

7.8CVSS7.7AI score0.81564EPSS

CVE•added 2023/07/11 6:15 p.m.•588 views

CVE-2023-35311

Microsoft Outlook Security Feature Bypass Vulnerability

8.8CVSS7.9AI score0.01272EPSS

CVE•added 2023/09/12 5:15 p.m.•486 views

CVE-2023-36763

Microsoft Outlook Information Disclosure Vulnerability

7.5CVSS7.2AI score0.0128EPSS

CVE•added 2024/02/13 6:15 p.m.•270 views

CVE-2024-21378

Microsoft Outlook Remote Code Execution Vulnerability

8.8CVSS7.8AI score0.15554EPSS

CVE•added 2019/07/15 7:15 p.m.•253 views

CVE-2019-1084

An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisib...

6.5CVSS5.3AI score0.07824EPSS

CVE•added 2020/10/16 11:15 p.m.•253 views

CVE-2020-16947

A remote code execution vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the targeted user. If the targeted user is logged on with admi...

9.3CVSS7.7AI score0.54529EPSS

CVE•added 2023/06/14 12:15 a.m.•168 views

CVE-2023-33131

Microsoft Outlook Remote Code Execution Vulnerability

8.8CVSS8.7AI score0.02618EPSS

CVE•added 2020/04/15 3:15 p.m.•166 views

CVE-2020-0760

A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991.

8.8CVSS8.5AI score0.34566EPSS

CVE•added 2023/06/01 2:15 a.m.•166 views

CVE-2022-35742

Microsoft Outlook Denial of Service Vulnerability

7.5CVSS7.3AI score0.06007EPSS

CVE•added 2020/10/16 11:15 p.m.•161 views

CVE-2020-16949

A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system.Exploitation of the vulnerability requires that a spe...

7.5CVSS4.8AI score0.02936EPSS

CVE•added 2021/06/08 11:15 p.m.•157 views

CVE-2021-31949

Microsoft Outlook Remote Code Execution Vulnerability

7.8CVSS7.2AI score0.00435EPSS

CVE•added 2024/07/09 5:15 p.m.•132 views

CVE-2024-38020

Microsoft Outlook Spoofing Vulnerability

6.5CVSS6.8AI score0.00661EPSS

CVE•added 2023/08/08 6:15 p.m.•130 views

CVE-2023-36893

Microsoft Outlook Spoofing Vulnerability

6.5CVSS6.5AI score0.0084EPSS

CVE•added 2020/07/14 11:15 p.m.•129 views

CVE-2020-1349

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka 'Microsoft Outlook Remote Code Execution Vulnerability'.

7.8CVSS7.9AI score0.44783EPSS

CVE•added 2020/08/17 7:15 p.m.•129 views

CVE-2020-1493

An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users.To exploit this vulnerability, an atta...

5.5CVSS5.3AI score0.30155EPSS

CVE•added 2025/01/14 6:16 p.m.•128 views

CVE-2025-21357

Microsoft Outlook Remote Code Execution Vulnerability

6.7CVSS6.7AI score0.00106EPSS

CVE•added 2024/06/11 5:15 p.m.•125 views

CVE-2024-30103

Microsoft Outlook Remote Code Execution Vulnerability

8.8CVSS8.9AI score0.15301EPSS

CVE•added 2018/02/15 2:29 a.m.•120 views

CVE-2018-0851

Microsoft Office 2007 SP2, Microsoft Office Word Viewer, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Office handles objects in memory, aka "Microsoft Offi...

9.3CVSS8.7AI score0.29469EPSS

CVE•added 2017/04/12 2:59 p.m.•116 views

CVE-2017-0204

Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to bypass the Office Protected View via a specially crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability."

5.5CVSS5.9AI score0.12838EPSS

CVE•added 2020/12/10 12:15 a.m.•114 views

CVE-2020-17119

Microsoft Outlook Information Disclosure Vulnerability

7.5CVSS6.2AI score0.07711EPSS

CVE•added 2021/04/13 8:15 p.m.•111 views

CVE-2021-28452

Microsoft Outlook Memory Corruption Vulnerability

7.8CVSS6.7AI score0.0073EPSS

CVE•added 2020/08/17 7:15 p.m.•108 views

CVE-2020-1483

A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative ...

9.3CVSS6AI score0.16968EPSS

CVE•added 2018/05/16 7:29 p.m.•96 views

CVE-2017-17689

The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.

5.9CVSS5.6AI score0.00639EPSS

CVE•added 2019/01/08 9:29 p.m.•94 views

CVE-2019-0559

An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook.

6.5CVSS5.9AI score0.25751EPSS

CVE•added 2019/01/08 9:29 p.m.•93 views

CVE-2019-0560

An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office.

5.5CVSS5.1AI score0.26918EPSS

CVE•added 2020/02/11 10:15 p.m.•91 views

CVE-2020-0696

A security feature bypass vulnerability exists in Microsoft Outlook software when it improperly handles the parsing of URI formats, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'.

6.5CVSS6.4AI score0.06593EPSS

CVE•added 2024/08/13 6:15 p.m.•91 views

CVE-2024-38173

Microsoft Outlook Remote Code Execution Vulnerability

6.7CVSS6.7AI score0.01084EPSS

CVE•added 2017/04/12 2:59 p.m.•90 views

CVE-2017-0106

Microsoft Excel 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3CVSS7.7AI score0.11918EPSS

CVE•added 2018/11/14 1:29 a.m.•90 views

CVE-2018-8582

A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CV...

9.3CVSS8.3AI score0.17365EPSS

CVE•added 2018/01/10 1:29 a.m.•88 views

CVE-2018-0791

Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0793.

9.3CVSS8.3AI score0.41375EPSS

CVE•added 2019/08/14 9:15 p.m.•87 views

CVE-2019-1200

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the...

9.3CVSS7.7AI score0.07373EPSS

CVE•added 2017/06/15 1:29 a.m.•85 views

CVE-2017-8508

A security feature bypass vulnerability exists in Microsoft Office software when it improperly handles the parsing of file formats, aka "Microsoft Office Security Feature Bypass Vulnerability".

5.5CVSS5.8AI score0.1548EPSS

CVE•added 2017/06/15 1:29 a.m.•84 views

CVE-2017-8506

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, and CVE-2017-0260.

9.3CVSS6.8AI score0.36403EPSS

CVE•added 2018/02/15 2:29 a.m.•83 views

CVE-2018-0850

Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the format of incoming message is validated, aka "Microsoft Outlook Elevation of Privilege Vulnerability".

6.5CVSS7.3AI score0.13239EPSS

CVE•added 2018/06/14 12:29 p.m.•83 views

CVE-2018-8244

An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka "Microsoft Outlook Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Outlook.

6.5CVSS6.4AI score0.1023EPSS

CVE•added 2018/11/14 1:29 a.m.•82 views

CVE-2018-8522

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8524,...

9.3CVSS8.3AI score0.17365EPSS

CVE•added 2017/08/01 8:29 p.m.•80 views

CVE-2017-8572

Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows an information disclosure vulnerability due to the way that it discloses the contents of its memory, aka "Microsoft Office Outlook Information Disclosure Vuln...

5.5CVSS5.6AI score0.10846EPSS

CVE•added 2018/11/14 1:29 a.m.•79 views

CVE-2018-8524

9.3CVSS8.3AI score0.17365EPSS

CVE•added 2017/10/13 1:29 p.m.•78 views

CVE-2017-11776

Microsoft Outlook 2016 allows an attacker to obtain the email content of a user, due to how Outlook 2016 discloses user email content, aka "Microsoft Outlook Information Disclosure Vulnerability."

7.5CVSS7.2AI score0.18636EPSS

CVE•added 2017/06/15 1:29 a.m.•77 views

CVE-2017-8507

A remote code execution vulnerability exists in the way Microsoft Office software parses specially crafted email messages, aka "Microsoft Office Memory Corruption Vulnerability".

9.3CVSS6.2AI score0.22842EPSS

CVE•added 2017/08/01 8:29 p.m.•77 views

CVE-2017-8571

Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a security feature bypass vulnerability due to the way that it handles input, aka "Microsoft Office Outlook Security Feature Bypass Vulnerability".

7.8CVSS7.3AI score0.14406EPSS

CVE•added 2019/08/14 9:15 p.m.•75 views

CVE-2019-1204

An elevation of privilege vulnerability exists when Microsoft Outlook initiates processing of incoming messages without sufficient validation of the formatting of the messages. An attacker who successfully exploited the vulnerability could attempt to force Outlook to load a local or remote message ...

4.3CVSS5.5AI score0.08582EPSS

CVE•added 2018/11/14 1:29 a.m.•72 views

CVE-2018-8576

9.3CVSS8.3AI score0.17365EPSS

CVE•added 2018/02/15 2:29 a.m.•69 views

CVE-2018-0852

Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1 and RT SP1, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Outlook handles objects in memory, aka "Microsoft Office Memory Corruption Vuln...

9.3CVSS8.7AI score0.29469EPSS

CVE•added 2017/08/01 8:29 p.m.•68 views

CVE-2017-8663

Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a remote code execution vulnerability due to the way Microsoft Outlook parses specially crafted email messages, aka "Microsoft Office Outlook Memory Corruptio...

9.3CVSS7.6AI score0.1816EPSS

CVE•added 2016/07/13 1:59 a.m.•67 views

CVE-2016-3278

Microsoft Outlook 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3CVSS7.7AI score0.25849EPSS

CVE•added 2016/09/14 10:59 a.m.•66 views

CVE-2016-3366

Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, Outlook 2016, and Outlook 2016 for Mac do not properly implement RFC 2046, which allows remote attackers to bypass virus or spam detection via crafted MIME data in an e-mail attachment, aka "Microsoft Office Spoofi...

6.5CVSS6.6AI score0.15125EPSS

CVE•added 2024/10/08 6:15 p.m.•59 views

CVE-2024-43604

Outlook for Android Elevation of Privilege Vulnerability

8CVSS6.3AI score0.00325EPSS

CVE•added 2017/06/15 1:29 a.m.•56 views

CVE-2017-8545

A spoofing vulnerability exists in when Microsoft Outlook for Mac does not sanitize html properly, aka "Microsoft Outlook for Mac Spoofing Vulnerability".

6.5CVSS5.7AI score0.13057EPSS

Total number of security vulnerabilities52