Outlook Express

outlook_express

Vendor: Microsoft • 45 CVEs

CVEs (45)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2010-3147 1Microsoft 7Outlook Express Windows 2003 ServerWindows 7+4 more Apr 29, 2026 Aug 27, 2010 N/A· v4 N/A· v3 9.3 HIGH· v2 Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Wi...Show more Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143.Show less
CVE-2010-0816 1Microsoft 3Outlook Express Windows Live MailWindows Mail Apr 29, 2026 May 12, 2010 N/A· v4 N/A· v3 9.3 HIGH· v2 Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windo...Show more Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka "Outlook Express and Windows Mail Integer Overflow Vulnerability."Show less
CVE-2008-5424 1Microsoft 1Outlook Express Apr 23, 2026 Dec 11, 2008 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many...Show more The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (infinite loop) via a large e-mail message, a related issue to CVE-2006-1173.Show less
CVE-2008-1448 1Microsoft 2Outlook Express Windows Mail Apr 23, 2026 Aug 13, 2008 N/A· v4 N/A· v3 7.1 HIGH· v2 The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote...Show more The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability."Show less
CVE-2007-3897 1Microsoft 2Outlook Express Windows Mail Apr 23, 2026 Oct 9, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigge...Show more Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.Show less
CVE-2007-4040 1Microsoft 2Outlook Outlook Express Apr 23, 2026 Jul 27, 2007 N/A· v4 8.8 HIGH· v3 4.3 MEDIUM· v2 Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via sh...Show more Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.Show less
CVE-2007-2227 1Microsoft 2Outlook Express Windows Mail Apr 23, 2026 Jun 12, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from...Show more The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability."Show less
CVE-2007-2225 1Microsoft 2Outlook Express Windows Mail Apr 23, 2026 Jun 12, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive informatio...Show more A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."Show less
CVE-2006-2386 1Microsoft 1Outlook Express Apr 23, 2026 Dec 13, 2006 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file.
CVE-2006-2111 1Microsoft 1Outlook Express Apr 16, 2026 May 1, 2006 N/A· v4 N/A· v3 4.3 MEDIUM· v2 A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer...Show more A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cross Domain Information Disclosure Vulnerability."Show less
CVE-2006-0014 1Microsoft 1Outlook Express Apr 16, 2026 Apr 12, 2006 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values.
CVE-2005-2226 1Microsoft 1Outlook Express Apr 16, 2026 Jul 12, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Microsoft Outlook Express 6.0 leaks the default news server account when a user responds to a "watched" conversation thread, which could allow remote attackers to obtain sensitive information.
CVE-2005-1213 1Microsoft 1Outlook Express Apr 16, 2026 Jun 14, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.
CVE-2004-2694 1Microsoft 1Outlook Express Apr 16, 2026 Dec 31, 2004 N/A· v4 N/A· v3 5.8 MEDIUM· v2 Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the targe...Show more Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to "_top".Show less
CVE-2004-2137 1Microsoft 1Outlook Express Apr 16, 2026 Dec 31, 2004 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Outlook Express 6.0, when sending multipart e-mail messages using the "Break apart messages larger than" setting, leaks the BCC recipients of the message to the addresses listed in the To and CC fields, which may allow r...Show more Outlook Express 6.0, when sending multipart e-mail messages using the "Break apart messages larger than" setting, leaks the BCC recipients of the message to the addresses listed in the To and CC fields, which may allow remote attackers to obtain sensitive information.Show less
CVE-2004-0526 1Microsoft 4Ie Internet ExplorerOutlook+1 more Apr 16, 2026 Aug 6, 2004 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image ma...Show more Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.Show less
CVE-2004-0215 2Avaya Microsoft 5Definity One Media Server Ip600 Media ServersModular Messaging Message Storage Server+2 more Apr 16, 2026 Aug 6, 2004 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header.
CVE-2004-0380 1Microsoft 1Outlook Express Apr 16, 2026 May 4, 2004 N/A· v4 N/A· v3 10.0 HIGH· v2 The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using s...Show more The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."Show less
CVE-2003-1378 1Microsoft 2Outlook Outlook Express Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 8.8 HIGH· v2 Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulne...Show more Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.Show less
CVE-2003-0301 1Microsoft 1Outlook Express Apr 16, 2026 Jun 16, 2003 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The IMAP Client for Outlook Express 6.00.2800.1106 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer ov...Show more The IMAP Client for Outlook Express 6.00.2800.1106 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.Show less

12 3 Next