Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Outlook
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 112 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-08-14 | CVE-2019-1200 | A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. To exploit the vulnerability, a user must open a specially crafted file with an affected... | Office, Office_365_proplus, Outlook | 7.8 | ||
| 2019-08-14 | CVE-2019-1218 | A spoofing vulnerability exists in the way Microsoft Outlook iOS software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim. The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user. The security update addresses the vulnerability by correcting how... | Outlook | 5.4 | ||
| 2004-04-15 | CVE-2004-0121 | Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs. | Office, Outlook | N/A | ||
| 2006-04-26 | CVE-2006-2055 | Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API. | Outlook | N/A | ||
| 2004-07-27 | CVE-2003-1048 | Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image. | Internet_explorer, Outlook, Windows_98, Windows_98se, Windows_me, Windows_nt, Windows_server_2003, Windows_xp | 7.8 | ||
| 2000-02-21 | CVE-2000-0160 | The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft. | Ie, Internet_explorer, Outlook | N/A | ||
| 2000-10-20 | CVE-2000-0756 | Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service. | Outlook | N/A | ||
| 2001-06-05 | CVE-2001-1088 | Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user. | Outlook, Outlook_express | N/A | ||
| 1997-01-01 | CVE-1999-0519 | A NETBIOS/SMB share password is the default, null, or missing. | Outlook, Windows_2000, Windows_95, Windows_nt | N/A | ||
| 2013-11-13 | CVE-2013-3905 | Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT does not properly expand metadata contained in S/MIME certificates, which allows remote attackers to obtain sensitive network configuration and state information via a crafted certificate in an e-mail message, aka "S/MIME AIA Vulnerability." | Outlook | N/A |