CVSS: 6.5EPSS: 23%CPEs: 1EXPL: 0CVE-2006-2055
https://notcve.org/view.php?id=CVE-2006-2055
26 Apr 2006 — Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API. • http://ingehenriksen.blogspot.com/2006/04/office-2003-file-attachment-exploit.html • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 8.8EPSS: 41%CPEs: 5EXPL: 0CVE-2006-0014 – Microsoft Windows Address Book (WAB) File Format Parsing Vulnerability
https://notcve.org/view.php?id=CVE-2006-0014
11 Apr 2006 — Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Microsoft Windows operating system. User interaction is required to exploit this vulnerability. The specific flaw exists during the parsing of malformed Windows Address Book (.WAB) files. Modificatio... • http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045003.html •
CVSS: 8.8EPSS: 56%CPEs: 16EXPL: 0CVE-2006-0002
https://notcve.org/view.php?id=CVE-2006-0002
10 Jan 2006 — Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation. • http://secunia.com/advisories/18368 •
CVSS: 6.5EPSS: 28%CPEs: 2EXPL: 0CVE-2005-4840
https://notcve.org/view.php?id=CVE-2005-4840
31 Dec 2005 — The Outlook Express Address Book control, when using Internet Explorer 6, allows remote attackers to cause a denial of service (NULL dereference and browser crash) by creating the OutlookExpress.AddressBook COM object, which is not intended for use within Internet Explorer. • http://browserfun.blogspot.com/2006/07/mobb-3-outlookexpressaddressbook_02.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 35%CPEs: 3EXPL: 0CVE-2005-2226
https://notcve.org/view.php?id=CVE-2005-2226
12 Jul 2005 — Microsoft Outlook Express 6.0 leaks the default news server account when a user responds to a "watched" conversation thread, which could allow remote attackers to obtain sensitive information. • http://support.microsoft.com/default.aspx/kb/900930 •
CVSS: 9.8EPSS: 83%CPEs: 3EXPL: 2CVE-2005-1213 – Microsoft Outlook Express - NNTP Buffer Overflow (MS05-030)
https://notcve.org/view.php?id=CVE-2005-1213
14 Jun 2005 — Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field. • https://www.exploit-db.com/exploits/1066 •
CVSS: 5.3EPSS: 8%CPEs: 2EXPL: 0CVE-2005-1052
https://notcve.org/view.php?id=CVE-2005-1052
12 Apr 2005 — Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses. • http://www.idefense.com/application/poi/display?id=227&type=vulnerabilities •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-0921
https://notcve.org/view.php?id=CVE-2005-0921
29 Mar 2005 — Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local users to save passwords and login credentials locally, even when password caching is disabled by a group policy. • http://support.microsoft.com/kb/896093 •
CVSS: 5.3EPSS: 39%CPEs: 2EXPL: 0CVE-2004-2137
https://notcve.org/view.php?id=CVE-2004-2137
31 Dec 2004 — Outlook Express 6.0, when sending multipart e-mail messages using the "Break apart messages larger than" setting, leaks the BCC recipients of the message to the addresses listed in the To and CC fields, which may allow remote attackers to obtain sensitive information. • http://secunia.com/advisories/12376 •
CVSS: 8.8EPSS: 26%CPEs: 2EXPL: 0CVE-2004-2482
https://notcve.org/view.php?id=CVE-2004-2482
31 Dec 2004 — Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property of the OBJECT tag and might allow remote attackers to execute arbitrary code. • http://secunia.com/advisories/12041 •