VYPR

Outlook

by Microsoft

CVEs (139)

  • CVE-2004-0284Nov 23, 2004
    risk 0.01cvss epss 0.17

    Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.

  • CVE-2004-0503Aug 18, 2004
    risk 0.01cvss epss 0.11

    Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format (RTF) message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting…

  • CVE-2002-2100Dec 31, 2002
    risk 0.01cvss epss 0.11

    Microsoft Outlook 2002 allows remote attackers to embed bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content.

  • CVE-2002-2101Dec 31, 2002
    risk 0.01cvss epss 0.11

    Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag.

  • CVE-2002-1255Dec 18, 2002
    risk 0.01cvss epss 0.14

    Microsoft Outlook 2002 allows remote attackers to cause a denial of service (repeated failure) via an email message with a certain invalid header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail."

  • CVE-2002-0481Aug 12, 2002
    risk 0.01cvss epss 0.10

    An interaction between Windows Media Player (WMP) and Outlook 2002 allows remote attackers to bypass Outlook security settings and execute Javascript via an IFRAME in an HTML email message that references .WMS (Windows Media Skin) or other WMP media files, whose onload handlers…

  • CVE-2002-1056May 16, 2002
    risk 0.01cvss epss 0.19

    Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the…

  • CVE-2001-0145May 3, 2001
    risk 0.01cvss epss 0.07

    Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook Express 5.x, allows an attacker to execute arbitrary commands via a malformed vCard birthday field.

  • CVE-2000-0662Jul 14, 2000
    risk 0.01cvss epss 0.21

    Internet Explorer 5.x and Microsoft Outlook allows remote attackers to read arbitrary files by redirecting the contents of an IFRAME using the DHTML Edit Control (DHTMLED).

  • CVE-2000-0524Jun 5, 2000
    risk 0.01cvss epss 0.15

    Microsoft Outlook and Outlook Express allow remote attackers to cause a denial of service by sending email messages with blank fields such as BCC, Reply-To, Return-Path, or From.

  • CVE-2000-0160Feb 21, 2000
    risk 0.01cvss epss 0.09

    The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft.

  • CVE-1999-1164Jun 25, 1999
    risk 0.01cvss epss 0.13

    Microsoft Outlook client allows remote attackers to cause a denial of service by sending multiple email messages with the same X-UIDL headers, which causes Outlook to hang.

  • CVE-2026-21511Feb 10, 2026
    risk 0.00cvss epss 0.04

    Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2026-21260Feb 10, 2026
    risk 0.00cvss epss 0.01

    Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2025-62562Dec 9, 2025
    risk 0.00cvss epss 0.01

    Use after free in Microsoft Office Outlook allows an unauthorized attacker to execute code locally.

  • CVE-2025-49699Jul 8, 2025
    risk 0.00cvss epss 0.00

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2025-47176Jun 10, 2025
    risk 0.00cvss epss 0.01

    '.../...//' in Microsoft Office Outlook allows an authorized attacker to execute code locally.

  • CVE-2025-21357Jan 14, 2025
    risk 0.00cvss epss 0.01

    Microsoft Outlook Remote Code Execution Vulnerability

  • CVE-2024-42220Dec 18, 2024
    risk 0.00cvss epss 0.01

    A library injection vulnerability exists in Microsoft Outlook 16.83.3 for macOS. A specially crafted library can leverage Outlook's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this…

  • CVE-2024-38173Aug 13, 2024
    risk 0.00cvss epss 0.01

    Microsoft Outlook Remote Code Execution Vulnerability

Page 6 of 7