Product:

Outlook

(Microsoft)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 108
Date Id Summary Products Score Patch Annotated
1999-11-11 CVE-2000-0329 A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability. Ie, Internet_explorer, Outlook, Outlook_express N/A
2001-06-02 CVE-2001-0322 MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, allows remote attackers to cause a denial of service (application crash) via a script that creates and deletes an object that is associated with the browser window object. Internet_explorer, Outlook, Outlook_express N/A
2004-08-06 CVE-2004-0526 Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack. Ie, Internet_explorer, Outlook, Outlook_express N/A
2004-11-23 CVE-2004-0284 Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name. Ie, Internet_explorer, Outlook N/A
2006-09-19 CVE-2006-4868 Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag. Internet_explorer, Outlook N/A
2020-04-15 CVE-2020-0760 A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991. Access, Excel, Office, Office_365_proplus, Outlook, Powerpoint, Project, Publisher, Visio, Word 8.8
2018-02-15 CVE-2018-0852 Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1 and RT SP1, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Outlook handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0851. Office, Outlook 8.8
2018-02-15 CVE-2018-0851 Microsoft Office 2007 SP2, Microsoft Office Word Viewer, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Office handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0852. Office, Office_word_viewer, Outlook 8.8
2017-06-15 CVE-2017-8545 A spoofing vulnerability exists in when Microsoft Outlook for Mac does not sanitize html properly, aka "Microsoft Outlook for Mac Spoofing Vulnerability". Outlook 6.5
2019-07-15 CVE-2019-1084 An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka... Exchange_server, Lync, Lync_basic, Mail_and_calendar, Office, Office_365_proplus, Outlook, Skype_for_business, Skype_for_business_basic 6.5