Outlook Security Vulnerabilities and Issues — Outlook CVE List

Lucene search

MicrosoftOutlook

28 matches found

CVE•added 2017/10/13 1:29 p.m.•1097 views

CVE-2017-11774

Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability."

7.8CVSS7.7AI score0.81564EPSS

CVE•added 2000/02/04 5:0 a.m.•652 views

CVE-1999-0519

A NETBIOS/SMB share password is the default, null, or missing.

7.5CVSS6.8AI score0.08661EPSS

CVE•added 2023/09/12 5:15 p.m.•486 views

CVE-2023-36763

Microsoft Outlook Information Disclosure Vulnerability

7.5CVSS7.2AI score0.0128EPSS

CVE•added 2024/03/12 5:15 p.m.•290 views

CVE-2024-26204

Outlook for Android Information Disclosure Vulnerability

7.5CVSS7.3AI score0.01215EPSS

CVE•added 2021/06/08 11:15 p.m.•177 views

CVE-2021-31941

Microsoft Office Graphics Remote Code Execution Vulnerability

7.8CVSS7.6AI score0.03164EPSS

CVE•added 2023/06/01 2:15 a.m.•166 views

CVE-2022-35742

Microsoft Outlook Denial of Service Vulnerability

7.5CVSS7.3AI score0.06007EPSS

CVE•added 2020/10/16 11:15 p.m.•161 views

CVE-2020-16949

A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system.Exploitation of the vulnerability requires that a spe...

7.5CVSS4.8AI score0.02936EPSS

CVE•added 2021/06/08 11:15 p.m.•157 views

CVE-2021-31949

Microsoft Outlook Remote Code Execution Vulnerability

7.8CVSS7.2AI score0.00435EPSS

CVE•added 2020/07/14 11:15 p.m.•129 views

CVE-2020-1349

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka 'Microsoft Outlook Remote Code Execution Vulnerability'.

7.8CVSS7.9AI score0.44783EPSS

CVE•added 2006/01/10 10:3 p.m.•115 views

CVE-2006-0002

Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to messa...

7.5CVSS7.3AI score0.56178EPSS

CVE•added 2020/12/10 12:15 a.m.•114 views

CVE-2020-17119

Microsoft Outlook Information Disclosure Vulnerability

7.5CVSS6.2AI score0.07711EPSS

CVE•added 2021/04/13 8:15 p.m.•111 views

CVE-2021-28452

Microsoft Outlook Memory Corruption Vulnerability

7.8CVSS6.7AI score0.0073EPSS

CVE•added 2025/04/08 6:16 p.m.•93 views

CVE-2025-29805

Exposure of sensitive information to an unauthorized actor in Outlook for Android allows an unauthorized attacker to disclose information over a network.

7.5CVSS6.5AI score0.00109EPSS

CVE•added 2017/10/13 1:29 p.m.•78 views

CVE-2017-11776

Microsoft Outlook 2016 allows an attacker to obtain the email content of a user, due to how Outlook 2016 discloses user email content, aka "Microsoft Outlook Information Disclosure Vulnerability."

7.5CVSS7.2AI score0.18636EPSS

CVE•added 2017/08/01 8:29 p.m.•77 views

CVE-2017-8571

Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a security feature bypass vulnerability due to the way that it handles input, aka "Microsoft Office Outlook Security Feature Bypass Vulnerability".

7.8CVSS7.3AI score0.14406EPSS

CVE•added 2004/08/06 4:0 a.m.•71 views

CVE-2004-0204

Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to...

7.5CVSS6.8AI score0.77622EPSS

CVE•added 2025/01/14 6:16 p.m.•67 views

CVE-2025-21361

Microsoft Outlook Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00152EPSS

CVE•added 2004/09/01 4:0 a.m.•66 views

CVE-2004-0121

Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.

7.5CVSS8.3AI score0.51468EPSS

CVE•added 2024/12/18 11:15 p.m.•64 views

CVE-2024-42220

A library injection vulnerability exists in Microsoft Outlook 16.83.3 for macOS. A specially crafted library can leverage Outlook's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use...

7.1CVSS6.9AI score0.00154EPSS

CVE•added 2002/06/25 4:0 a.m.•53 views

CVE-2001-1088

Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof le...

7.5CVSS6.9AI score0.31947EPSS

CVE•added 2002/06/25 4:0 a.m.•52 views

CVE-2002-1056

Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or rep...

7.5CVSS7.2AI score0.16381EPSS

CVE•added 2000/07/12 4:0 a.m.•51 views

CVE-2000-0419

The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability.

7.5CVSS6.7AI score0.10948EPSS

CVE•added 2008/07/07 11:41 p.m.•49 views

CVE-2008-3068

Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to o...

7.5CVSS6.7AI score0.10248EPSS

CVE•added 2000/02/23 5:0 a.m.•48 views

CVE-2000-0160

The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft.

7.6CVSS6.9AI score0.10325EPSS

CVE•added 2001/05/03 4:0 a.m.•44 views

CVE-2001-0145

Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook Express 5.x, allows an attacker to execute arbitrary commands via a malformed vCard birthday field.

7.5CVSS8AI score0.1176EPSS

CVE•added 2005/08/05 4:0 a.m.•44 views

CVE-2002-2101

Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag.

7.5CVSS7.2AI score0.16945EPSS

CVE•added 2000/10/13 4:0 a.m.•43 views

CVE-2000-0621

Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.

7.5CVSS6.4AI score0.05844EPSS

CVE•added 2025/07/08 5:15 p.m.•19 views

CVE-2025-49699

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

7CVSS7.3AI score0.00057EPSS