Outlook
by Microsoft
CVEs (139)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-38020 | 0.00 | — | 0.02 | Jul 9, 2024 | Microsoft Outlook Spoofing Vulnerability | |||
| CVE-2024-21402 | 0.00 | — | 0.00 | Feb 13, 2024 | Microsoft Outlook Elevation of Privilege Vulnerability | |||
| CVE-2023-36763 | 0.00 | — | 0.02 | Sep 12, 2023 | Microsoft Outlook Information Disclosure Vulnerability | |||
| CVE-2023-36895 | 0.00 | — | 0.01 | Aug 8, 2023 | Microsoft Outlook Remote Code Execution Vulnerability | |||
| CVE-2023-36893 | 0.00 | — | 0.02 | Aug 8, 2023 | Microsoft Outlook Spoofing Vulnerability | |||
| CVE-2022-23280 | 0.00 | — | 0.02 | Feb 9, 2022 | Microsoft Outlook for Mac Security Feature Bypass Vulnerability | |||
| CVE-2021-31949 | 0.00 | — | 0.03 | Jun 8, 2021 | Microsoft Outlook Remote Code Execution Vulnerability | |||
| CVE-2021-28452 | 0.00 | — | 0.01 | Apr 13, 2021 | Microsoft Outlook Memory Corruption Vulnerability | |||
| CVE-2020-0696 | 0.00 | — | 0.05 | Feb 11, 2020 | A security feature bypass vulnerability exists in Microsoft Outlook software when it improperly handles the parsing of URI formats, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'. | |||
| CVE-2019-1218 | 0.00 | — | 0.04 | Aug 14, 2019 | A spoofing vulnerability exists in the way Microsoft Outlook iOS software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim. The attacker who successfully exploited this… | |||
| CVE-2004-2147 | 0.00 | — | 0.01 | Dec 31, 2004 | Unknown versions of Symantec Norton AntiVirus and Microsoft Outlook allow attackers to cause a denial of service (crash) via malformed e-mail messages (1) without a body or (2) without a carriage return ("\n") separating the headers from the body. | |||
| CVE-2003-0007 | 0.00 | — | 0.04 | Feb 7, 2003 | Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to… | |||
| CVE-2000-0753 | 0.00 | — | 0.05 | Oct 20, 2000 | The Microsoft Outlook mail client identifies the physical path of the sender's machine within a winmail.dat attachment to Rich Text Format (RTF) files. | |||
| CVE-2000-0756 | 0.00 | — | 0.05 | Oct 20, 2000 | Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service. | |||
| CVE-2000-0415 | 0.00 | — | 0.06 | May 12, 2000 | Buffer overflow in Outlook Express 4.x allows attackers to cause a denial of service via a mail or news message that has a .jpg or .bmp attachment with a long file name. | |||
| CVE-2000-0216 | 0.00 | — | 0.05 | Feb 29, 2000 | Microsoft email clients in Outlook, Exchange, and Windows Messaging automatically respond to Read Receipt and Delivery Receipt tags, which could allow an attacker to flood a mail system with responses by forging a Read Receipt request that is redirected to a large distribution… | |||
| CVE-1999-0384 | 0.00 | — | 0.01 | Jan 1, 1999 | The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content. | |||
| CVE-1999-0004 | 0.00 | — | 0.03 | Dec 16, 1997 | MIME buffer overflow in email clients, e.g. Solaris mailtool and Outlook. | |||
| CVE-1999-0519 | 0.00 | — | 0.06 | Jan 1, 1997 | A NETBIOS/SMB share password is the default, null, or missing. |
- CVE-2024-38020Jul 9, 2024risk 0.00cvss —epss 0.02
Microsoft Outlook Spoofing Vulnerability
- CVE-2024-21402Feb 13, 2024risk 0.00cvss —epss 0.00
Microsoft Outlook Elevation of Privilege Vulnerability
- CVE-2023-36763Sep 12, 2023risk 0.00cvss —epss 0.02
Microsoft Outlook Information Disclosure Vulnerability
- CVE-2023-36895Aug 8, 2023risk 0.00cvss —epss 0.01
Microsoft Outlook Remote Code Execution Vulnerability
- CVE-2023-36893Aug 8, 2023risk 0.00cvss —epss 0.02
Microsoft Outlook Spoofing Vulnerability
- CVE-2022-23280Feb 9, 2022risk 0.00cvss —epss 0.02
Microsoft Outlook for Mac Security Feature Bypass Vulnerability
- CVE-2021-31949Jun 8, 2021risk 0.00cvss —epss 0.03
Microsoft Outlook Remote Code Execution Vulnerability
- CVE-2021-28452Apr 13, 2021risk 0.00cvss —epss 0.01
Microsoft Outlook Memory Corruption Vulnerability
- CVE-2020-0696Feb 11, 2020risk 0.00cvss —epss 0.05
A security feature bypass vulnerability exists in Microsoft Outlook software when it improperly handles the parsing of URI formats, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'.
- CVE-2019-1218Aug 14, 2019risk 0.00cvss —epss 0.04
A spoofing vulnerability exists in the way Microsoft Outlook iOS software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim. The attacker who successfully exploited this…
- CVE-2004-2147Dec 31, 2004risk 0.00cvss —epss 0.01
Unknown versions of Symantec Norton AntiVirus and Microsoft Outlook allow attackers to cause a denial of service (crash) via malformed e-mail messages (1) without a body or (2) without a carriage return ("\n") separating the headers from the body.
- CVE-2003-0007Feb 7, 2003risk 0.00cvss —epss 0.04
Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to…
- CVE-2000-0753Oct 20, 2000risk 0.00cvss —epss 0.05
The Microsoft Outlook mail client identifies the physical path of the sender's machine within a winmail.dat attachment to Rich Text Format (RTF) files.
- CVE-2000-0756Oct 20, 2000risk 0.00cvss —epss 0.05
Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service.
- CVE-2000-0415May 12, 2000risk 0.00cvss —epss 0.06
Buffer overflow in Outlook Express 4.x allows attackers to cause a denial of service via a mail or news message that has a .jpg or .bmp attachment with a long file name.
- CVE-2000-0216Feb 29, 2000risk 0.00cvss —epss 0.05
Microsoft email clients in Outlook, Exchange, and Windows Messaging automatically respond to Read Receipt and Delivery Receipt tags, which could allow an attacker to flood a mail system with responses by forging a Read Receipt request that is redirected to a large distribution…
- CVE-1999-0384Jan 1, 1999risk 0.00cvss —epss 0.01
The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content.
- CVE-1999-0004Dec 16, 1997risk 0.00cvss —epss 0.03
MIME buffer overflow in email clients, e.g. Solaris mailtool and Outlook.
- CVE-1999-0519Jan 1, 1997risk 0.00cvss —epss 0.06
A NETBIOS/SMB share password is the default, null, or missing.
Page 7 of 7