VYPR

Outlook Express

by Microsoft

CVEs (47)

  • CVE-1999-1016Aug 27, 1999
    risk 0.04cvss epss 0.08

    Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as…

  • CVE-1999-1033May 11, 1999
    risk 0.04cvss epss 0.17

    Microsoft Outlook Express before 4.72.3612.1700 allows a malicious user to send a message that contains a .., which can inadvertently cause Outlook to re-enter POP3 command mode and cause the POP3 session to hang.

  • CVE-2008-1448Aug 13, 2008
    risk 0.02cvss epss 0.27

    The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read…

  • CVE-2007-2227Jun 12, 2007
    risk 0.02cvss epss 0.25

    The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition…

  • CVE-2007-2225Jun 12, 2007
    risk 0.02cvss epss 0.25

    A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing…

  • CVE-2006-2386Dec 13, 2006
    risk 0.02cvss epss 0.29

    Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file.

  • CVE-2006-0014Apr 12, 2006
    risk 0.02cvss epss 0.24

    Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values.

  • CVE-2004-2137Dec 31, 2004
    risk 0.02cvss epss 0.26

    Outlook Express 6.0, when sending multipart e-mail messages using the "Break apart messages larger than" setting, leaks the BCC recipients of the message to the addresses listed in the To and CC fields, which may allow remote attackers to obtain sensitive information.

  • CVE-2001-0945Dec 3, 2001
    risk 0.02cvss epss 0.20

    Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh allows remote attackers to cause a denial of service via an e-mail message that contains a long line.

  • CVE-2000-0621Jul 20, 2000
    risk 0.02cvss epss 0.22

    Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.

  • CVE-2008-5424Dec 11, 2008
    risk 0.01cvss epss 0.12

    The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows…

  • CVE-2005-2226Jul 12, 2005
    risk 0.01cvss epss 0.13

    Microsoft Outlook Express 6.0 leaks the default news server account when a user responds to a "watched" conversation thread, which could allow remote attackers to obtain sensitive information.

  • CVE-2004-2694Dec 31, 2004
    risk 0.01cvss epss 0.09

    Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to "_top".

  • CVE-2004-0215Aug 6, 2004
    risk 0.01cvss epss 0.16

    Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header.

  • CVE-2002-0285May 31, 2002
    risk 0.01cvss epss 0.12

    Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with…

  • CVE-2002-0152Apr 22, 2002
    risk 0.01cvss epss 0.17

    Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0…

  • CVE-2001-1547Dec 31, 2001
    risk 0.01cvss epss 0.14

    Outlook Express 6.0, with "Do not allow attachments to be saved or opened that could potentially be a virus" enabled, does not block email attachments from forwarded messages, which could allow remote attackers to execute arbitrary code.

  • CVE-2001-0999Sep 12, 2001
    risk 0.01cvss epss 0.12

    Outlook Express 6.00 allows remote attackers to execute arbitrary script by embedding SCRIPT tags in a message whose MIME content type is text/plain, contrary to the expected behavior that text/plain messages will not run script.

  • CVE-2001-0145May 3, 2001
    risk 0.01cvss epss 0.07

    Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook Express 5.x, allows an attacker to execute arbitrary commands via a malformed vCard birthday field.

  • CVE-2000-0524Jun 5, 2000
    risk 0.01cvss epss 0.15

    Microsoft Outlook and Outlook Express allow remote attackers to cause a denial of service by sending email messages with blank fields such as BCC, Reply-To, Return-Path, or From.