Outlook Express
by Microsoft
CVEs (47)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-1999-1016 | 0.04 | — | 0.08 | Aug 27, 1999 | Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as… | |||
| CVE-1999-1033 | 0.04 | — | 0.17 | May 11, 1999 | Microsoft Outlook Express before 4.72.3612.1700 allows a malicious user to send a message that contains a .., which can inadvertently cause Outlook to re-enter POP3 command mode and cause the POP3 session to hang. | |||
| CVE-2008-1448 | 0.02 | — | 0.27 | Aug 13, 2008 | The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read… | |||
| CVE-2007-2227 | 0.02 | — | 0.25 | Jun 12, 2007 | The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition… | |||
| CVE-2007-2225 | 0.02 | — | 0.25 | Jun 12, 2007 | A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing… | |||
| CVE-2006-2386 | 0.02 | — | 0.29 | Dec 13, 2006 | Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file. | |||
| CVE-2006-0014 | 0.02 | — | 0.24 | Apr 12, 2006 | Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values. | |||
| CVE-2004-2137 | 0.02 | — | 0.26 | Dec 31, 2004 | Outlook Express 6.0, when sending multipart e-mail messages using the "Break apart messages larger than" setting, leaks the BCC recipients of the message to the addresses listed in the To and CC fields, which may allow remote attackers to obtain sensitive information. | |||
| CVE-2001-0945 | 0.02 | — | 0.20 | Dec 3, 2001 | Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh allows remote attackers to cause a denial of service via an e-mail message that contains a long line. | |||
| CVE-2000-0621 | 0.02 | — | 0.22 | Jul 20, 2000 | Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability. | |||
| CVE-2008-5424 | 0.01 | — | 0.12 | Dec 11, 2008 | The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows… | |||
| CVE-2005-2226 | 0.01 | — | 0.13 | Jul 12, 2005 | Microsoft Outlook Express 6.0 leaks the default news server account when a user responds to a "watched" conversation thread, which could allow remote attackers to obtain sensitive information. | |||
| CVE-2004-2694 | 0.01 | — | 0.09 | Dec 31, 2004 | Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to "_top". | |||
| CVE-2004-0215 | 0.01 | — | 0.16 | Aug 6, 2004 | Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header. | |||
| CVE-2002-0285 | 0.01 | — | 0.12 | May 31, 2002 | Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with… | |||
| CVE-2002-0152 | 0.01 | — | 0.17 | Apr 22, 2002 | Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0… | |||
| CVE-2001-1547 | 0.01 | — | 0.14 | Dec 31, 2001 | Outlook Express 6.0, with "Do not allow attachments to be saved or opened that could potentially be a virus" enabled, does not block email attachments from forwarded messages, which could allow remote attackers to execute arbitrary code. | |||
| CVE-2001-0999 | 0.01 | — | 0.12 | Sep 12, 2001 | Outlook Express 6.00 allows remote attackers to execute arbitrary script by embedding SCRIPT tags in a message whose MIME content type is text/plain, contrary to the expected behavior that text/plain messages will not run script. | |||
| CVE-2001-0145 | 0.01 | — | 0.07 | May 3, 2001 | Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook Express 5.x, allows an attacker to execute arbitrary commands via a malformed vCard birthday field. | |||
| CVE-2000-0524 | 0.01 | — | 0.15 | Jun 5, 2000 | Microsoft Outlook and Outlook Express allow remote attackers to cause a denial of service by sending email messages with blank fields such as BCC, Reply-To, Return-Path, or From. |
- CVE-1999-1016Aug 27, 1999risk 0.04cvss —epss 0.08
Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as…
- CVE-1999-1033May 11, 1999risk 0.04cvss —epss 0.17
Microsoft Outlook Express before 4.72.3612.1700 allows a malicious user to send a message that contains a .., which can inadvertently cause Outlook to re-enter POP3 command mode and cause the POP3 session to hang.
- CVE-2008-1448Aug 13, 2008risk 0.02cvss —epss 0.27
The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read…
- CVE-2007-2227Jun 12, 2007risk 0.02cvss —epss 0.25
The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition…
- CVE-2007-2225Jun 12, 2007risk 0.02cvss —epss 0.25
A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing…
- CVE-2006-2386Dec 13, 2006risk 0.02cvss —epss 0.29
Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file.
- CVE-2006-0014Apr 12, 2006risk 0.02cvss —epss 0.24
Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values.
- CVE-2004-2137Dec 31, 2004risk 0.02cvss —epss 0.26
Outlook Express 6.0, when sending multipart e-mail messages using the "Break apart messages larger than" setting, leaks the BCC recipients of the message to the addresses listed in the To and CC fields, which may allow remote attackers to obtain sensitive information.
- CVE-2001-0945Dec 3, 2001risk 0.02cvss —epss 0.20
Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh allows remote attackers to cause a denial of service via an e-mail message that contains a long line.
- CVE-2000-0621Jul 20, 2000risk 0.02cvss —epss 0.22
Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.
- CVE-2008-5424Dec 11, 2008risk 0.01cvss —epss 0.12
The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows…
- CVE-2005-2226Jul 12, 2005risk 0.01cvss —epss 0.13
Microsoft Outlook Express 6.0 leaks the default news server account when a user responds to a "watched" conversation thread, which could allow remote attackers to obtain sensitive information.
- CVE-2004-2694Dec 31, 2004risk 0.01cvss —epss 0.09
Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to "_top".
- CVE-2004-0215Aug 6, 2004risk 0.01cvss —epss 0.16
Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header.
- CVE-2002-0285May 31, 2002risk 0.01cvss —epss 0.12
Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with…
- CVE-2002-0152Apr 22, 2002risk 0.01cvss —epss 0.17
Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0…
- CVE-2001-1547Dec 31, 2001risk 0.01cvss —epss 0.14
Outlook Express 6.0, with "Do not allow attachments to be saved or opened that could potentially be a virus" enabled, does not block email attachments from forwarded messages, which could allow remote attackers to execute arbitrary code.
- CVE-2001-0999Sep 12, 2001risk 0.01cvss —epss 0.12
Outlook Express 6.00 allows remote attackers to execute arbitrary script by embedding SCRIPT tags in a message whose MIME content type is text/plain, contrary to the expected behavior that text/plain messages will not run script.
- CVE-2001-0145May 3, 2001risk 0.01cvss —epss 0.07
Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook Express 5.x, allows an attacker to execute arbitrary commands via a malformed vCard birthday field.
- CVE-2000-0524Jun 5, 2000risk 0.01cvss —epss 0.15
Microsoft Outlook and Outlook Express allow remote attackers to cause a denial of service by sending email messages with blank fields such as BCC, Reply-To, Return-Path, or From.
Page 2 of 3