VYPR

Outlook

by Microsoft

CVEs (139)

  • CVE-2023-35636Dec 12, 2023
    risk 0.01cvss epss 0.18

    Microsoft Outlook Information Disclosure Vulnerability

  • CVE-2022-35742Jun 1, 2023
    risk 0.01cvss epss 0.22

    Microsoft Outlook Denial of Service Vulnerability

  • CVE-2021-31941Jun 8, 2021
    risk 0.01cvss epss 0.03

    Microsoft Office Graphics Remote Code Execution Vulnerability

  • CVE-2020-17119Dec 9, 2020
    risk 0.01cvss epss 0.04

    Microsoft Outlook Information Disclosure Vulnerability

  • CVE-2020-16949Oct 16, 2020
    risk 0.01cvss epss 0.03

    A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system. Exploitation of the…

  • CVE-2020-1229Jun 9, 2020
    risk 0.01cvss epss 0.04

    A security feature bypass vulnerability exists in Microsoft Outlook when Office fails to enforce security settings configured on a system, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'.

  • CVE-2019-1200Aug 14, 2019
    risk 0.01cvss epss 0.05

    A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current…

  • CVE-2019-1199Aug 14, 2019
    risk 0.01cvss epss 0.05

    A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on…

  • CVE-2019-1204Aug 14, 2019
    risk 0.01cvss epss 0.04

    An elevation of privilege vulnerability exists when Microsoft Outlook initiates processing of incoming messages without sufficient validation of the formatting of the messages. An attacker who successfully exploited the vulnerability could attempt to force Outlook to load a…

  • CVE-2019-1084Jul 15, 2019
    risk 0.01cvss epss 0.05

    An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to…

  • CVE-2018-8558Nov 14, 2018
    risk 0.01cvss epss 0.06

    An information disclosure vulnerability exists when Microsoft Outlook fails to respect "Default link type" settings configured via the SharePoint Online Admin Center, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office.…

  • CVE-2018-8579Nov 14, 2018
    risk 0.01cvss epss 0.06

    An information disclosure vulnerability exists when attaching files to Outlook messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8558.

  • CVE-2013-3905Nov 13, 2013
    risk 0.01cvss epss 0.12

    Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT does not properly expand metadata contained in S/MIME certificates, which allows remote attackers to obtain sensitive network configuration and state information via a crafted certificate in an e-mail message, aka…

  • CVE-2013-3870Sep 11, 2013
    risk 0.01cvss epss 0.19

    Double free vulnerability in Microsoft Outlook 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to execute arbitrary code by including many nested S/MIME certificates in an e-mail message, aka "Message Certificate Vulnerability."

  • CVE-2010-2728Sep 15, 2010
    risk 0.01cvss epss 0.17

    Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability."

  • CVE-2008-3068Jul 7, 2008
    risk 0.01cvss epss 0.17

    Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows…

  • CVE-2006-3877Oct 10, 2006
    risk 0.01cvss epss 0.12

    Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435,…

  • CVE-2006-2055Apr 26, 2006
    risk 0.01cvss epss 0.15

    Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an…

  • CVE-2005-1052May 2, 2005
    risk 0.01cvss epss 0.09

    Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses.

  • CVE-2004-2482Dec 31, 2004
    risk 0.01cvss epss 0.13

    Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in…

Page 5 of 7