Outlook
by Microsoft
CVEs (139)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-33153 | | Med | 0.44 | 6.8 | 0.01 | | Jul 11, 2023 | Microsoft Outlook Remote Code Execution Vulnerability |
| CVE-2016-3366 | | Med | 0.44 | 6.5 | 0.16 | | Sep 14, 2016 | Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, Outlook 2016, and Outlook 2016 for Mac do not properly implement RFC 2046, which allows remote attackers to bypass virus or spam detection via crafted MIME data in an e-mail attachment, aka… |
| CVE-2018-8244 | | Med | 0.43 | 6.5 | 0.05 | | Jun 14, 2018 | An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka "Microsoft Outlook Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Outlook. |
| CVE-2018-8160 | | Med | 0.43 | 6.5 | 0.08 | | May 9, 2018 | An information disclosure vulnerability exists in Outlook when a message is opened, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Word, Microsoft Office. |
| CVE-2018-8150 | | Med | 0.43 | 6.5 | 0.05 | | May 9, 2018 | A security feature bypass vulnerability exists when the Microsoft Outlook attachment block filter does not properly handle attachments, aka "Microsoft Outlook Security Feature Bypass Vulnerability." This affects Microsoft Office. |
| CVE-2018-0850 | | Med | 0.43 | 6.5 | 0.05 | | Feb 15, 2018 | Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the format of incoming message is validated, aka "Microsoft Outlook Elevation of… |
| CVE-2017-8545 | | Med | 0.43 | 6.5 | 0.05 | | Jun 15, 2017 | A spoofing vulnerability exists in when Microsoft Outlook for Mac does not sanitize html properly, aka "Microsoft Outlook for Mac Spoofing Vulnerability". |
| CVE-2017-0207 | | Med | 0.43 | 6.5 | 0.10 | | Apr 12, 2017 | Microsoft Outlook for Mac 2011 allows remote attackers to spoof web content via a crafted email with specific HTML tags, aka "Microsoft Browser Spoofing Vulnerability." |
| CVE-2023-33151 | | Med | 0.42 | 6.5 | 0.03 | | Jul 11, 2023 | Microsoft Outlook Spoofing Vulnerability |
| CVE-2017-8572 | | Med | 0.37 | 5.5 | 0.13 | | Aug 1, 2017 | Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows an information disclosure vulnerability due to the way that it discloses the contents of its memory, aka "Microsoft Office Outlook… |
| CVE-2017-0204 | | Med | 0.37 | 5.5 | 0.19 | | Apr 12, 2017 | Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to bypass the Office Protected View via a specially crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability." |
| CVE-2017-8508 | | Med | 0.36 | 5.5 | 0.04 | | Jun 15, 2017 | A security feature bypass vulnerability exists in Microsoft Office software when it improperly handles the parsing of file formats, aka "Microsoft Office Security Feature Bypass Vulnerability". |
| CVE-2024-21413 | | | 0.19 | — | 0.95 | KEV | Feb 13, 2024 | Microsoft Outlook Remote Code Execution Vulnerability |
| CVE-2023-23397 | | | 0.19 | — | 0.97 | KEV | Mar 14, 2023 | Microsoft Outlook Elevation of Privilege Vulnerability |
| CVE-2023-35311 | | | 0.12 | — | 0.15 | KEV | Jul 11, 2023 | Microsoft Outlook Security Feature Bypass Vulnerability |
| CVE-2004-0204 | | | 0.09 | — | 0.73 | | Aug 6, 2004 | Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows… |
| CVE-2006-4868 | | | 0.08 | — | 0.62 | | Sep 19, 2006 | Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a… |
| CVE-2010-0266 | | | 0.07 | — | 0.55 | | Jul 15, 2010 | Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka… |
| CVE-2004-0200 | | | 0.07 | — | 0.49 | | Sep 28, 2004 | Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length… |
| CVE-2004-0121 | | | 0.07 | — | 0.48 | | Apr 15, 2004 | Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs. |