Outlook
by Microsoft
CVEs (139)
| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2023-35636 | 0.01 | — | 0.18 | Dec 12, 2023 | Microsoft Outlook Information Disclosure Vulnerability |
| CVE-2022-35742 | 0.01 | — | 0.22 | Jun 1, 2023 | Microsoft Outlook Denial of Service Vulnerability |
| CVE-2021-31941 | 0.01 | — | 0.03 | Jun 8, 2021 | Microsoft Office Graphics Remote Code Execution Vulnerability |
| CVE-2020-17119 | 0.01 | — | 0.04 | Dec 9, 2020 | Microsoft Outlook Information Disclosure Vulnerability |
| CVE-2020-16949 | 0.01 | — | 0.03 | Oct 16, 2020 | A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system. Exploitation of the… |
| CVE-2020-1229 | 0.01 | — | 0.04 | Jun 9, 2020 | A security feature bypass vulnerability exists in Microsoft Outlook when Office fails to enforce security settings configured on a system, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'. |
| CVE-2019-1200 | 0.01 | — | 0.05 | Aug 14, 2019 | A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current… |
| CVE-2019-1199 | 0.01 | — | 0.05 | Aug 14, 2019 | A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on… |
| CVE-2019-1204 | 0.01 | — | 0.04 | Aug 14, 2019 | An elevation of privilege vulnerability exists when Microsoft Outlook initiates processing of incoming messages without sufficient validation of the formatting of the messages. An attacker who successfully exploited the vulnerability could attempt to force Outlook to load a… |
| CVE-2019-1084 | 0.01 | — | 0.05 | Jul 15, 2019 | An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to… |
| CVE-2018-8558 | 0.01 | — | 0.06 | Nov 14, 2018 | An information disclosure vulnerability exists when Microsoft Outlook fails to respect "Default link type" settings configured via the SharePoint Online Admin Center, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office.… |
| CVE-2018-8579 | 0.01 | — | 0.06 | Nov 14, 2018 | An information disclosure vulnerability exists when attaching files to Outlook messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8558. |
| CVE-2013-3905 | 0.01 | — | 0.12 | Nov 13, 2013 | Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT does not properly expand metadata contained in S/MIME certificates, which allows remote attackers to obtain sensitive network configuration and state information via a crafted certificate in an e-mail message, aka… |
| CVE-2013-3870 | 0.01 | — | 0.19 | Sep 11, 2013 | Double free vulnerability in Microsoft Outlook 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to execute arbitrary code by including many nested S/MIME certificates in an e-mail message, aka "Message Certificate Vulnerability." |
| CVE-2010-2728 | 0.01 | — | 0.17 | Sep 15, 2010 | Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability." |
| CVE-2008-3068 | 0.01 | — | 0.17 | Jul 7, 2008 | Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows… |
| CVE-2006-3877 | 0.01 | — | 0.12 | Oct 10, 2006 | Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435,… |
| CVE-2006-2055 | 0.01 | — | 0.15 | Apr 26, 2006 | Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an… |
| CVE-2005-1052 | 0.01 | — | 0.09 | May 2, 2005 | Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses. |
| CVE-2004-2482 | 0.01 | — | 0.13 | Dec 31, 2004 | Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in… |