Outlook
by Microsoft
CVEs (139)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-0110 | 0.03 | — | 0.32 | Mar 11, 2008 | Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and Sp3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI. | |||
| CVE-2007-0034 | 0.03 | — | 0.37 | Jan 9, 2007 | Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced… | |||
| CVE-2007-0033 | 0.03 | — | 0.32 | Jan 9, 2007 | Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file. | |||
| CVE-2024-21378 | 0.02 | — | 0.11 | Feb 13, 2024 | Microsoft Outlook Remote Code Execution Vulnerability | |||
| CVE-2020-1483 | 0.02 | — | 0.09 | Aug 17, 2020 | A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on… | |||
| CVE-2020-1493 | 0.02 | — | 0.07 | Aug 17, 2020 | An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users. To exploit this… | |||
| CVE-2020-1349 | 0.02 | — | 0.23 | Jul 14, 2020 | A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka 'Microsoft Outlook Remote Code Execution Vulnerability'. | |||
| CVE-2019-0559 | 0.02 | — | 0.07 | Jan 8, 2019 | An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. | |||
| CVE-2018-8576 | 0.02 | — | 0.19 | Nov 14, 2018 | A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique… | |||
| CVE-2018-8522 | 0.02 | — | 0.19 | Nov 14, 2018 | A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique… | |||
| CVE-2018-8582 | 0.02 | — | 0.19 | Nov 14, 2018 | A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique… | |||
| CVE-2018-8524 | 0.02 | — | 0.19 | Nov 14, 2018 | A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique… | |||
| CVE-2008-4031 | 0.02 | — | 0.23 | Dec 10, 2008 | Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format… | |||
| CVE-2008-4030 | 0.02 | — | 0.23 | Dec 10, 2008 | Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1 allow remote attackers to execute arbitrary code via… | |||
| CVE-2008-4026 | 0.02 | — | 0.23 | Dec 10, 2008 | Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow… | |||
| CVE-2008-4024 | 0.02 | — | 0.29 | Dec 10, 2008 | Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary… | |||
| CVE-2006-1305 | 0.02 | — | 0.31 | Dec 31, 2006 | Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in… | |||
| CVE-2000-0621 | 0.02 | — | 0.22 | Jul 20, 2000 | Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability. | |||
| CVE-2000-0419 | 0.02 | — | 0.21 | May 11, 2000 | The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability. | |||
| CVE-2024-38021 | 0.01 | — | 0.04 | Jul 9, 2024 | Microsoft Outlook Remote Code Execution Vulnerability |
- CVE-2008-0110Mar 11, 2008risk 0.03cvss —epss 0.32
Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and Sp3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI.
- CVE-2007-0034Jan 9, 2007risk 0.03cvss —epss 0.37
Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced…
- CVE-2007-0033Jan 9, 2007risk 0.03cvss —epss 0.32
Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.
- CVE-2024-21378Feb 13, 2024risk 0.02cvss —epss 0.11
Microsoft Outlook Remote Code Execution Vulnerability
- CVE-2020-1483Aug 17, 2020risk 0.02cvss —epss 0.09
A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on…
- CVE-2020-1493Aug 17, 2020risk 0.02cvss —epss 0.07
An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users. To exploit this…
- CVE-2020-1349Jul 14, 2020risk 0.02cvss —epss 0.23
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka 'Microsoft Outlook Remote Code Execution Vulnerability'.
- CVE-2019-0559Jan 8, 2019risk 0.02cvss —epss 0.07
An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook.
- CVE-2018-8576Nov 14, 2018risk 0.02cvss —epss 0.19
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique…
- CVE-2018-8522Nov 14, 2018risk 0.02cvss —epss 0.19
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique…
- CVE-2018-8582Nov 14, 2018risk 0.02cvss —epss 0.19
A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique…
- CVE-2018-8524Nov 14, 2018risk 0.02cvss —epss 0.19
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique…
- CVE-2008-4031Dec 10, 2008risk 0.02cvss —epss 0.23
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format…
- CVE-2008-4030Dec 10, 2008risk 0.02cvss —epss 0.23
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1 allow remote attackers to execute arbitrary code via…
- CVE-2008-4026Dec 10, 2008risk 0.02cvss —epss 0.23
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow…
- CVE-2008-4024Dec 10, 2008risk 0.02cvss —epss 0.29
Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary…
- CVE-2006-1305Dec 31, 2006risk 0.02cvss —epss 0.31
Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in…
- CVE-2000-0621Jul 20, 2000risk 0.02cvss —epss 0.22
Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.
- CVE-2000-0419May 11, 2000risk 0.02cvss —epss 0.21
The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability.
- CVE-2024-38021Jul 9, 2024risk 0.01cvss —epss 0.04
Microsoft Outlook Remote Code Execution Vulnerability
Page 4 of 7