CVSS: 9.3EPSS: 55%CPEs: 35EXPL: 4CVE-2010-0816 – Microsoft Windows Outlook Express and Windows Mail - Integer Overflow
https://notcve.org/view.php?id=CVE-2010-0816
12 May 2010 — Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka "Outlo... • https://www.exploit-db.com/exploits/12564 • CWE-189: Numeric Errors •
CVSS: 7.1EPSS: 46%CPEs: 4EXPL: 0CVE-2008-1448
https://notcve.org/view.php?id=CVE-2008-1448
13 Aug 2008 — The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability." El manejador de protocolo MHTML en un componente de Outlook Express versiones 5.5 SP2 y 6 hasta ... • http://marc.info/?l=bugtraq&m=121915960406986&w=2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 64%CPEs: 3EXPL: 0CVE-2007-3897
https://notcve.org/view.php?id=CVE-2007-3897
09 Oct 2007 — Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption. Un desbordamiento de búfer en la región heap de la memoria en Microsoft Outlook Express versión 6 y anteriores, y Windows Mail para Vista, permite que los servidores remotos de Network News Transfer Protocol (NNTP) ejecuten código arbitrario por medio de las respuestas N... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 56%CPEs: 4EXPL: 0CVE-2006-2386
https://notcve.org/view.php?id=CVE-2006-2386
13 Dec 2006 — Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file. Vulnerabilidad sin especificar en el Microsoft Outlook Express 6 y versiones anteriores, permite a atacantes remotos ejecutar código de su elección a través de un registro de contactos modificado en el fichero Windows Address Book (WAB). • http://secunia.com/advisories/23311 •
CVSS: 8.8EPSS: 41%CPEs: 5EXPL: 0CVE-2006-0014 – Microsoft Windows Address Book (WAB) File Format Parsing Vulnerability
https://notcve.org/view.php?id=CVE-2006-0014
11 Apr 2006 — Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Microsoft Windows operating system. User interaction is required to exploit this vulnerability. The specific flaw exists during the parsing of malformed Windows Address Book (.WAB) files. Modificatio... • http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045003.html •
CVSS: 9.8EPSS: 83%CPEs: 3EXPL: 2CVE-2005-1213 – Microsoft Outlook Express - NNTP Buffer Overflow (MS05-030)
https://notcve.org/view.php?id=CVE-2005-1213
14 Jun 2005 — Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field. • https://www.exploit-db.com/exploits/1066 •
CVSS: 6.5EPSS: 51%CPEs: 32EXPL: 2CVE-2004-0526 – Microsoft Internet Explorer 4/5/6 - Embedded Image URI Obfuscation
https://notcve.org/view.php?id=CVE-2004-0526
08 Jun 2004 — Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack. Versiones desconocidas de Internet Explorer y Outlook permiten a atacantes remotos suplantar URL legítimas en la barra de estado mediante etiquetas A HREF con valores "alt" modificados que apuntan al sitio legí... • https://www.exploit-db.com/exploits/24102 •
CVSS: 10.0EPSS: 79%CPEs: 2EXPL: 4CVE-2004-0380 – Microsoft Internet Explorer 5.0.1 - ITS Protocol Zone Bypass (MS04-013)
https://notcve.org/view.php?id=CVE-2004-0380
06 Apr 2004 — The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability." El Manejador del protocolo MHTML en Microsoft Outlook Express 5.5 SP2 a Outlook Expre... • https://www.exploit-db.com/exploits/23695 •
CVSS: 7.5EPSS: 30%CPEs: 4EXPL: 2CVE-2002-2164 – Alleged Outlook Express 5/6 Link - Denial of Service
https://notcve.org/view.php?id=CVE-2002-2164
31 Dec 2002 — Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (crash) via a long <A HREF> link. • https://www.exploit-db.com/exploits/21789 •
CVSS: 9.8EPSS: 48%CPEs: 2EXPL: 1CVE-2002-1179 – Microsoft Outlook Express 5.5/6.0 - S/MIME Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-1179
28 Oct 2002 — Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook Express 5.5 and 6.0 allows remote attackers to execute arbitrary code via a digitally signed email with a long "From" address, which triggers the overflow when the user views or previews the message. • https://www.exploit-db.com/exploits/21932 •