34 matches found
CVE-2022-23280
Microsoft Outlook for Mac Security Feature Bypass Vulnerability
CVE-2020-1493
An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users.To exploit this vulnerability, an atta...
CVE-2013-3905
Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT does not properly expand metadata contained in S/MIME certificates, which allows remote attackers to obtain sensitive network configuration and state information via a crafted certificate in an e-mail message, aka "S/MIME AIA Vulnerabi...
CVE-2017-0204
Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to bypass the Office Protected View via a specially crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability."
CVE-2017-17689
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
CVE-2019-0560
An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office.
CVE-2017-8508
A security feature bypass vulnerability exists in Microsoft Office software when it improperly handles the parsing of file formats, aka "Microsoft Office Security Feature Bypass Vulnerability".
CVE-2017-17688
The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolet...
CVE-2019-1105
A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim.The attacker who successfully exploited this vulnerability...
CVE-2025-21259
Microsoft Outlook Spoofing Vulnerability
CVE-2017-8572
Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows an information disclosure vulnerability due to the way that it discloses the contents of its memory, aka "Microsoft Office Outlook Information Disclosure Vuln...
CVE-2019-1218
A spoofing vulnerability exists in the way Microsoft Outlook iOS software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim.The attacker who successfully exploited this vulnerability could t...
CVE-2004-2482
Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property of...
CVE-2004-0526
Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attac...
CVE-2000-0216
Microsoft email clients in Outlook, Exchange, and Windows Messaging automatically respond to Read Receipt and Delivery Receipt tags, which could allow an attacker to flood a mail system with responses by forging a Read Receipt request that is redirected to a large distribution list.
CVE-2004-0501
Outlook 2003 allows remote attackers to bypass intended access restrictions and cause Outlook to request a URL from a remote site via an HTML e-mail message containing a Vector Markup Language (VML) entity whose src parameter points to the remote site, which could allow remote attackers to know whe...
CVE-2005-1052
Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses.
CVE-2000-0567
Buffer overflow in Microsoft Outlook and Outlook Express allows remote attackers to execute arbitrary commands via a long Date field in an email header, aka the "Malformed E-mail Header" vulnerability.
CVE-2004-0503
Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format (RTF) message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to unprom...
CVE-2004-0502
Outlook 2003, when replying to an e-mail message, stores certain files in a predictable location for the "src" of an img tag of the original message, which allows remote attackers to bypass zone restrictions and exploit other issues that rely on predictable locations, as demonstrated using a shell:...
CVE-2000-0329
A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability.
CVE-2000-0524
Microsoft Outlook and Outlook Express allow remote attackers to cause a denial of service by sending email messages with blank fields such as BCC, Reply-To, Return-Path, or From.
CVE-2004-0284
Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.
CVE-1999-1164
Microsoft Outlook client allows remote attackers to cause a denial of service by sending multiple email messages with the same X-UIDL headers, which causes Outlook to hang.
CVE-2000-0756
Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service.
CVE-2006-6659
The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML.
CVE-2001-0322
MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, allows remote attackers to cause a denial of service (application crash) via a script that creates and deletes an object that is associated with the browser window object.
CVE-2000-0753
The Microsoft Outlook mail client identifies the physical path of the sender's machine within a winmail.dat attachment to Rich Text Format (RTF) files.
CVE-2003-0007
Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure....
CVE-2002-0481
An interaction between Windows Media Player (WMP) and Outlook 2002 allows remote attackers to bypass Outlook security settings and execute Javascript via an IFRAME in an HTML email message that references .WMS (Windows Media Skin) or other WMP media files, whose onload handlers execute the player.L...
CVE-2002-2100
Microsoft Outlook 2002 allows remote attackers to embed bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content.
CVE-2000-0415
Buffer overflow in Outlook Express 4.x allows attackers to cause a denial of service via a mail or news message that has a .jpg or .bmp attachment with a long file name.
CVE-2006-2055
Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as a...
CVE-2002-1255
Microsoft Outlook 2002 allows remote attackers to cause a denial of service (repeated failure) via an email message with a certain invalid header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail."