Windows Mail

windows_mail

Vendor: Microsoft • 6 CVEs

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-8305 1Microsoft 3Windows Calendar Windows MailWindows People Jun 17, 2026 Jul 11, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An information disclosure vulnerability exists in Windows Mail Client when a message is opened, aka "Windows Mail Client Information Disclosure Vulnerability." This affects Mail, Calendar, and People in Windows 8.1 App S...Show more An information disclosure vulnerability exists in Windows Mail Client when a message is opened, aka "Windows Mail Client Information Disclosure Vulnerability." This affects Mail, Calendar, and People in Windows 8.1 App Store.Show less
CVE-2010-0816 1Microsoft 3Outlook Express Windows Live MailWindows Mail Apr 29, 2026 May 12, 2010 N/A· v4 N/A· v3 9.3 HIGH· v2 Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windo...Show more Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka "Outlook Express and Windows Mail Integer Overflow Vulnerability."Show less
CVE-2008-1448 1Microsoft 2Outlook Express Windows Mail Apr 23, 2026 Aug 13, 2008 N/A· v4 N/A· v3 7.1 HIGH· v2 The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote...Show more The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability."Show less
CVE-2007-3897 1Microsoft 2Outlook Express Windows Mail Apr 23, 2026 Oct 9, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigge...Show more Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.Show less
CVE-2007-2227 1Microsoft 2Outlook Express Windows Mail Apr 23, 2026 Jun 12, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from...Show more The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability."Show less
CVE-2007-2225 1Microsoft 2Outlook Express Windows Mail Apr 23, 2026 Jun 12, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive informatio...Show more A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."Show less