VYPR

Outlook

by Microsoft

CVEs (139)

  • CVE-2001-0538Aug 14, 2001
    risk 0.07cvss epss 0.53

    Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.

  • CVE-2000-0567Jul 18, 2000
    risk 0.06cvss epss 0.32

    Buffer overflow in Microsoft Outlook and Outlook Express allows remote attackers to execute arbitrary commands via a long Date field in an email header, aka the "Malformed E-mail Header" vulnerability.

  • CVE-2004-0502Aug 18, 2004
    risk 0.05cvss epss 0.20

    Outlook 2003, when replying to an e-mail message, stores certain files in a predictable location for the "src" of an img tag of the original message, which allows remote attackers to bypass zone restrictions and exploit other issues that rely on predictable locations, as…

  • CVE-2001-1088Jun 5, 2001
    risk 0.05cvss epss 0.20

    Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote…

  • CVE-2001-0322Jun 2, 2001
    risk 0.05cvss epss 0.21

    MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, allows remote attackers to cause a denial of service (application crash) via a script that creates and deletes an object that is associated with the browser window object.

  • CVE-2020-16947Oct 16, 2020
    risk 0.04cvss epss 0.34

    A remote code execution vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the targeted user. If the targeted user…

  • CVE-2006-6659Dec 20, 2006
    risk 0.04cvss epss 0.16

    The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML.

  • CVE-2006-0002Jan 10, 2006
    risk 0.04cvss epss 0.46

    Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME…

  • CVE-2004-0501Aug 18, 2004
    risk 0.04cvss epss 0.19

    Outlook 2003 allows remote attackers to bypass intended access restrictions and cause Outlook to request a URL from a remote site via an HTML e-mail message containing a Vector Markup Language (VML) entity whose src parameter points to the remote site, which could allow remote…

  • CVE-2004-0526Aug 6, 2004
    risk 0.04cvss epss 0.17

    Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which…

  • CVE-2003-1378Dec 31, 2003
    risk 0.04cvss epss 0.16

    Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.

  • CVE-2000-0329Nov 11, 1999
    risk 0.04cvss epss 0.08

    A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability.

  • CVE-2025-47171Jun 10, 2025
    risk 0.03cvss epss 0.01

    Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally.

  • CVE-2023-33131Jun 13, 2023
    risk 0.03cvss epss 0.06

    Microsoft Outlook Remote Code Execution Vulnerability

  • CVE-2020-0760Apr 15, 2020
    risk 0.03cvss epss 0.09

    A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991.

  • CVE-2018-8587Dec 12, 2018
    risk 0.03cvss epss 0.29

    A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook.

  • CVE-2008-4837Dec 10, 2008
    risk 0.03cvss epss 0.37

    Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Microsoft Works 8 allow remote attackers to…

  • CVE-2008-4028Dec 10, 2008
    risk 0.03cvss epss 0.38

    Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format…

  • CVE-2008-4027Dec 10, 2008
    risk 0.03cvss epss 0.34

    Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Office 2004 for Mac…

  • CVE-2008-4025Dec 10, 2008
    risk 0.03cvss epss 0.33

    Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and…

Page 3 of 7