Filtered by vendor Microsoft
Subscriptions
Filtered by product Outlook
Subscriptions
Total
120 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-1999-0384 | 1 Microsoft | 6 Office, Outlook, Project and 3 more | 2025-04-03 | N/A |
| The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content. | ||||
| CVE-2000-0329 | 1 Microsoft | 4 Ie, Internet Explorer, Outlook and 1 more | 2025-04-03 | N/A |
| A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability. | ||||
| CVE-2000-0415 | 1 Microsoft | 2 Outlook, Outlook Express | 2025-04-03 | N/A |
| Buffer overflow in Outlook Express 4.x allows attackers to cause a denial of service via a mail or news message that has a .jpg or .bmp attachment with a long file name. | ||||
| CVE-2000-0216 | 1 Microsoft | 3 Exchange Server, Outlook, Windows Messaging | 2025-04-03 | N/A |
| Microsoft email clients in Outlook, Exchange, and Windows Messaging automatically respond to Read Receipt and Delivery Receipt tags, which could allow an attacker to flood a mail system with responses by forging a Read Receipt request that is redirected to a large distribution list. | ||||
| CVE-2006-0002 | 1 Microsoft | 3 Exchange Server, Office, Outlook | 2025-04-03 | N/A |
| Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation. | ||||
| CVE-2004-0502 | 1 Microsoft | 1 Outlook | 2025-04-03 | N/A |
| Outlook 2003, when replying to an e-mail message, stores certain files in a predictable location for the "src" of an img tag of the original message, which allows remote attackers to bypass zone restrictions and exploit other issues that rely on predictable locations, as demonstrated using a shell: URI. | ||||
| CVE-2006-2055 | 1 Microsoft | 1 Outlook | 2025-04-03 | N/A |
| Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API. | ||||
| CVE-2005-1052 | 1 Microsoft | 2 Outlook, Outlook Web Access | 2025-04-03 | N/A |
| Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses. | ||||
| CVE-2004-0526 | 1 Microsoft | 4 Ie, Internet Explorer, Outlook and 1 more | 2025-04-03 | N/A |
| Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack. | ||||
| CVE-2001-1088 | 1 Microsoft | 2 Outlook, Outlook Express | 2025-04-03 | N/A |
| Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user. | ||||
| CVE-2004-0284 | 1 Microsoft | 3 Ie, Internet Explorer, Outlook | 2025-04-03 | N/A |
| Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name. | ||||
| CVE-2002-2100 | 1 Microsoft | 1 Outlook | 2025-04-03 | N/A |
| Microsoft Outlook 2002 allows remote attackers to embed bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content. | ||||
| CVE-2000-0160 | 1 Microsoft | 3 Ie, Internet Explorer, Outlook | 2025-04-03 | N/A |
| The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft. | ||||
| CVE-2000-0419 | 1 Microsoft | 10 Access, Excel, Frontpage and 7 more | 2025-04-03 | N/A |
| The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability. | ||||
| CVE-2000-0524 | 1 Microsoft | 2 Exchange Server, Outlook | 2025-04-03 | N/A |
| Microsoft Outlook and Outlook Express allow remote attackers to cause a denial of service by sending email messages with blank fields such as BCC, Reply-To, Return-Path, or From. | ||||
| CVE-2002-1696 | 2 Microsoft, Pgp | 2 Outlook, Personal Privacy | 2025-04-03 | 5.5 Medium |
| Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Always use Secure Viewer when decrypting" option is not checked, and the user replies to an encrypted message. | ||||
| CVE-2001-0145 | 1 Microsoft | 2 Outlook, Outlook Express | 2025-04-03 | N/A |
| Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook Express 5.x, allows an attacker to execute arbitrary commands via a malformed vCard birthday field. | ||||
| CVE-2002-1056 | 1 Microsoft | 2 Outlook, Word | 2025-04-03 | N/A |
| Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to. | ||||
| CVE-2002-0481 | 1 Microsoft | 1 Outlook | 2025-04-03 | N/A |
| An interaction between Windows Media Player (WMP) and Outlook 2002 allows remote attackers to bypass Outlook security settings and execute Javascript via an IFRAME in an HTML email message that references .WMS (Windows Media Skin) or other WMP media files, whose onload handlers execute the player.LaunchURL() Javascript function. | ||||
| CVE-2000-0621 | 1 Microsoft | 2 Outlook, Outlook Express | 2025-04-03 | N/A |
| Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability. | ||||