Microsoft

Outlook Express

45 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.1

CVE-2006-0014

  • EPSS 41.4%
  • Published 12.04.2006 00:02:00
  • Last modified 03.04.2025 01:03:51

Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values.

5

CVE-2005-2226

  • EPSS 32.27%
  • Published 12.07.2005 04:00:00
  • Last modified 03.04.2025 01:03:51

Microsoft Outlook Express 6.0 leaks the default news server account when a user responds to a "watched" conversation thread, which could allow remote attackers to obtain sensitive information.

7.5

CVE-2005-1213

  • EPSS 83.91%
  • Published 14.06.2005 04:00:00
  • Last modified 03.04.2025 01:03:51

Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.

5.8

CVE-2004-2694

  • EPSS 17.27%
  • Published 31.12.2004 05:00:00
  • Last modified 03.04.2025 01:03:51

Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to "_top".

5

CVE-2004-2137

  • EPSS 33.17%
  • Published 31.12.2004 05:00:00
  • Last modified 03.04.2025 01:03:51

Outlook Express 6.0, when sending multipart e-mail messages using the "Break apart messages larger than" setting, leaks the BCC recipients of the message to the addresses listed in the To and CC fields, which may allow remote attackers to obtain sens...

5

CVE-2004-0526

Exploit
  • EPSS 52.26%
  • Published 06.08.2004 04:00:00
  • Last modified 03.04.2025 01:03:51

Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the mal...

5

CVE-2004-0215

  • EPSS 44.46%
  • Published 06.08.2004 04:00:00
  • Last modified 03.04.2025 01:03:51

Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header.

10

CVE-2004-0380

Exploit
  • EPSS 81.69%
  • Published 04.05.2004 04:00:00
  • Last modified 03.04.2025 01:03:51

The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM)...

8.8

CVE-2003-1378

Exploit
  • EPSS 38.01%
  • Published 31.12.2003 05:00:00
  • Last modified 03.04.2025 01:03:51

Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0...

5

CVE-2003-0301

  • EPSS 4.28%
  • Published 16.06.2003 04:00:00
  • Last modified 03.04.2025 01:03:51

The IMAP Client for Outlook Express 6.00.2800.1106 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.