Vulnerabilities > Microsoft > Outlook Express > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-08-13 | CVE-2008-1448 | Permissions, Privileges, and Access Controls vulnerability in Microsoft Outlook Express and Windows Mail The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability." | 7.1 |
| 2005-06-14 | CVE-2005-1213 | Buffer Overflow vulnerability in Microsoft Outlook Express NNTP Response Parsing Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field. | 7.5 |
| 2003-12-31 | CVE-2003-1378 | Permissions, Privileges, and Access Controls vulnerability in Microsoft Outlook and Outlook Express Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077. | 8.8 |
| 2002-10-28 | CVE-2002-1179 | Buffer Overflow vulnerability in Microsoft Outlook Express S/MIME Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook Express 5.5 and 6.0 allows remote attackers to execute arbitrary code via a digitally signed email with a long "From" address, which triggers the overflow when the user views or previews the message. | 7.5 |
| 2002-05-31 | CVE-2002-0285 | Unspecified vulnerability in Microsoft Outlook Express 5.5/6.0 Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers. | 7.5 |
| 2002-04-22 | CVE-2002-0152 | Buffer Overflow vulnerability in Multiple Microsoft Products for MacOS File URL Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. | 7.5 |
| 2001-12-31 | CVE-2001-1547 | Remote Security vulnerability in Microsoft Outlook Express 6.0 Outlook Express 6.0, with "Do not allow attachments to be saved or opened that could potentially be a virus" enabled, does not block email attachments from forwarded messages, which could allow remote attackers to execute arbitrary code. | 7.5 |
| 2001-09-12 | CVE-2001-0999 | Unspecified vulnerability in Microsoft Outlook Express 6.0 Outlook Express 6.00 allows remote attackers to execute arbitrary script by embedding SCRIPT tags in a message whose MIME content type is text/plain, contrary to the expected behavior that text/plain messages will not run script. | 7.5 |
| 2001-05-03 | CVE-2001-0145 | Unspecified vulnerability in Microsoft Outlook and Outlook Express Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook Express 5.x, allows an attacker to execute arbitrary commands via a malformed vCard birthday field. | 7.5 |
| 2000-07-20 | CVE-2000-0621 | Unspecified vulnerability in Microsoft Outlook and Outlook Express Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability. | 7.5 |