CVSS: 4.3EPSS: 49%CPEs: 12EXPL: 0CVE-2007-2225
https://notcve.org/view.php?id=CVE-2007-2225
12 Jun 2007 — A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability." Un componente en Microsoft Outlook Express 6 y windows Mail en Windows Vista no maneja adecuadamente determinadas cabeceras HTTP cuado procesa URLs del protocolo MHTML, lo cual permit... • http://archive.openmya.devnull.jp/2007.06/msg00060.html •
CVSS: 9.3EPSS: 62%CPEs: 36EXPL: 0CVE-2007-0671
https://notcve.org/view.php?id=CVE-2007-0671
03 Feb 2007 — Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks. Una vulnerabilidad no especificada en Microsoft Excel 2000, XP, 2003 y 2004 para Mac, y posiblemente otros productos de Office, permite a atacantes asistidos por el usuario ejecutar código arbitrario por medio de vectores de ataque descon... • http://osvdb.org/31901 •
CVSS: 9.3EPSS: 58%CPEs: 6EXPL: 0CVE-2007-0033
https://notcve.org/view.php?id=CVE-2007-0033
09 Jan 2007 — Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file. Microsoft Outlook 2002 y 2003 permite a atacantes remotos con la intervención del usuario ejecutar código de su elección a través de un registro VEVENT mal formado en la petición .iCal meeting o un fichero ICS. • http://secunia.com/advisories/23674 •
CVSS: 9.3EPSS: 62%CPEs: 6EXPL: 0CVE-2007-0034
https://notcve.org/view.php?id=CVE-2007-0034
09 Jan 2007 — Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability." Un desbordamiento de búfer en la funcionalidad Advanced Search (Finder.exe) de Microsoft Outlook 2000, 2002 y 2003, permite a atacantes remotos asistidos por el usuario ejecutar código arbitrario por medio de un ... • http://secunia.com/advisories/23674 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 51%CPEs: 6EXPL: 0CVE-2006-1305
https://notcve.org/view.php?id=CVE-2006-1305
31 Dec 2006 — Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers. Microsoft Outlook 2000, 2002, y 2003 permite a atacantes remotos con la implicación del usuario provocar una denegación de servicio (consumo de memoria e interrupción de recuperación de correo) mediante información d... • http://blogs.securiteam.com/index.php/archives/347 • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 23%CPEs: 3EXPL: 3CVE-2006-6659 – Microsoft Office Outlook Recipient Control - 'ole32.dll' Denial of Service
https://notcve.org/view.php?id=CVE-2006-6659
20 Dec 2006 — The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML. El control ActiveX Recipient de Microsoft Office Outlook (ole32.dll) en Windows XP SP2 permite a atacantes remotos provocar una denegación de servicio (cuelgue de Internet Explorer 7) mediante una HTML artesanal. • https://www.exploit-db.com/exploits/2946 •
CVSS: 7.8EPSS: 56%CPEs: 4EXPL: 0CVE-2006-2386
https://notcve.org/view.php?id=CVE-2006-2386
13 Dec 2006 — Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file. Vulnerabilidad sin especificar en el Microsoft Outlook Express 6 y versiones anteriores, permite a atacantes remotos ejecutar código de su elección a través de un registro de contactos modificado en el fichero Windows Address Book (WAB). • http://secunia.com/advisories/23311 •
CVSS: 9.3EPSS: 36%CPEs: 35EXPL: 0CVE-2006-3877
https://notcve.org/view.php?id=CVE-2006-3877
10 Oct 2006 — Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876. Vulnerabilidad no especificada en PowerPoint en Microsoft Office 2000, Office 2002, Office 2003, Office 2004 para Mac, y Office v.X para Mac permite a atacantes con la intervención del usuario ejecutar có... • http://securitytracker.com/id?1017030 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 65%CPEs: 13EXPL: 4CVE-2006-4868 – Microsoft Internet Explorer (Windows XP SP2) - 'VML' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-4868
19 Sep 2006 — Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag. Desbordamiento de búfer basado en el motor Vector Graphics Rendering (vgx.dll), tal y como se usa en Microsoft Outlook e Internet Explorer 6.0 en Windows XP SP2 y posiblemente otras versiones pe... • https://www.exploit-db.com/exploits/2425 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.7EPSS: 39%CPEs: 1EXPL: 4CVE-2006-2111 – Outlook Express 5.5/6.0 / Windows Mail - MHTML URI Handler Information Disclosure
https://notcve.org/view.php?id=CVE-2006-2111
01 May 2006 — A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cross Domain Information Disclosure Vulnerability." • https://www.exploit-db.com/exploits/27745 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •