Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Outlook
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 108 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2006-01-10 | CVE-2006-0002 | Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation. | Exchange_server, Office, Outlook | N/A | ||
| 2000-06-05 | CVE-2000-0524 | Microsoft Outlook and Outlook Express allow remote attackers to cause a denial of service by sending email messages with blank fields such as BCC, Reply-To, Return-Path, or From. | Exchange_server, Outlook | N/A | ||
| 2020-02-11 | CVE-2020-0696 | A security feature bypass vulnerability exists in Microsoft Outlook software when it improperly handles the parsing of URI formats, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'. | Office, Office_365_proplus, Outlook | N/A | ||
| 2020-01-24 | CVE-2019-1460 | A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka 'Outlook for Android Spoofing Vulnerability'. | Outlook | N/A | ||
| 2017-06-15 | CVE-2017-8508 | A security feature bypass vulnerability exists in Microsoft Office software when it improperly handles the parsing of file formats, aka "Microsoft Office Security Feature Bypass Vulnerability". | Outlook | 5.5 | ||
| 2017-06-15 | CVE-2017-8506 | A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, and CVE-2017-0260. | Outlook | 7.8 | ||
| 2018-05-16 | CVE-2017-17689 | The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. | Nine, Mail, Airmail, Emclient, Maildroid, Mailmate, Evolution, Gmail, Horde_imp, Notes, Kmail, Trojita, Outlook, Thunderbird, Postbox, R2mail2, The_bat | 5.9 | ||
| 2017-04-12 | CVE-2017-0207 | Microsoft Outlook for Mac 2011 allows remote attackers to spoof web content via a crafted email with specific HTML tags, aka "Microsoft Browser Spoofing Vulnerability." | Outlook | 6.5 | ||
| 2017-04-12 | CVE-2017-0204 | Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to bypass the Office Protected View via a specially crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability." | Outlook | 5.5 | ||
| 2019-07-29 | CVE-2019-1105 | A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka 'Outlook for Android Spoofing Vulnerability'. | Outlook | 5.4 |