Vulnerabilities > Microsoft > Outlook Express > 5.5

DATE CVE VULNERABILITY TITLE RISK
2008-08-13 CVE-2008-1448 Permissions, Privileges, and Access Controls vulnerability in Microsoft Outlook Express and Windows Mail
The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability."
network
microsoft CWE-264
7.1
2007-10-09 CVE-2007-3897 Buffer Errors vulnerability in Microsoft Outlook Express and Windows Mail
Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.
network
microsoft CWE-119
critical
9.3
2006-12-13 CVE-2006-2386 Remote Code Execution vulnerability in Microsoft Outlook Express Windows Address Book Contact Record
Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file.
network
microsoft
6.8
2006-04-12 CVE-2006-0014 Buffer Overflow vulnerability in Microsoft Outlook Express Windows Address Book File Parsing
Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values.
network
high complexity
microsoft
5.1
2005-06-14 CVE-2005-1213 Buffer Overflow vulnerability in Microsoft Outlook Express NNTP Response Parsing
Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.
network
low complexity
microsoft
7.5
2004-08-06 CVE-2004-0526 Unspecified vulnerability in Microsoft products
Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.
network
low complexity
microsoft
5.0
2004-05-04 CVE-2004-0380 Unspecified vulnerability in Microsoft Outlook Express 5.5/6.0
The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."
network
low complexity
microsoft
critical
10.0
2002-12-31 CVE-2002-2164 Denial of Service vulnerability in Alleged Outlook Express Link
Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (crash) via a long <A HREF> link.
network
low complexity
microsoft
5.0
2002-10-28 CVE-2002-1179 Buffer Overflow vulnerability in Microsoft Outlook Express S/MIME
Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook Express 5.5 and 6.0 allows remote attackers to execute arbitrary code via a digitally signed email with a long "From" address, which triggers the overflow when the user views or previews the message.
network
low complexity
microsoft
7.5
2002-05-31 CVE-2002-0285 Unspecified vulnerability in Microsoft Outlook Express 5.5/6.0
Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers.
network
low complexity
microsoft
7.5