Vulnerabilities > Microsoft > Outlook Express > Medium

DATE CVE VULNERABILITY TITLE RISK
2008-12-11 CVE-2008-5424 Resource Management Errors vulnerability in Microsoft Outlook Express 6.00.2900.5512
The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (infinite loop) via a large e-mail message, a related issue to CVE-2006-1173.
network
microsoft CWE-399
4.3
2007-07-27 CVE-2007-4040 Cross-Site Scripting vulnerability in Microsoft Outlook and Outlook Express
Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.
network
microsoft CWE-79
4.3
2007-06-12 CVE-2007-2227 Information Disclosure vulnerability in Microsoft Outlook Express and Windows Mail
The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability."
network
microsoft
4.3
2007-06-12 CVE-2007-2225 Information Disclosure vulnerability in Microsoft Outlook Express and Windows Mail
A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."
network
microsoft
4.3
2006-12-13 CVE-2006-2386 Remote Code Execution vulnerability in Microsoft Outlook Express Windows Address Book Contact Record
Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file.
network
microsoft
6.8
2006-05-01 CVE-2006-2111 Information Exposure vulnerability in Microsoft Outlook Express 6.0
A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cross Domain Information Disclosure Vulnerability."
network
microsoft CWE-200
4.3
2006-04-12 CVE-2006-0014 Buffer Overflow vulnerability in Microsoft Outlook Express Windows Address Book File Parsing
Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values.
network
high complexity
microsoft
5.1
2005-07-12 CVE-2005-2226 Multiple vulnerabilities in Microsoft Outlook Express 6.0
Microsoft Outlook Express 6.0 leaks the default news server account when a user responds to a "watched" conversation thread, which could allow remote attackers to obtain sensitive information.
network
low complexity
microsoft
5.0
2004-12-31 CVE-2004-2694 Permissions, Privileges, and Access Controls vulnerability in Microsoft Outlook Express 6.0
Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to "_top".
network
microsoft CWE-264
5.8
2004-12-31 CVE-2004-2137 Information Disclosure vulnerability in Microsoft Outlook Express 6.0
Outlook Express 6.0, when sending multipart e-mail messages using the "Break apart messages larger than" setting, leaks the BCC recipients of the message to the addresses listed in the To and CC fields, which may allow remote attackers to obtain sensitive information.
network
low complexity
microsoft
5.0