CVSS: 9.8EPSS: 38%CPEs: 2EXPL: 2CVE-2004-0121 – Microsoft Outlook 2002 - 'Mailto' Quoting Zone Bypass
https://notcve.org/view.php?id=CVE-2004-0121
15 Apr 2004 — Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs. Micrososft Outlook 2002 no filtra suficientemente los parámetros de URLs mailto:, cuando se usan como argumentos al llamar a OUTLOOK.EXE, lo que permite a atacantes remotos usar código script en la zona de seguridad "Máquina Local" y e... • https://www.exploit-db.com/exploits/23796 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 10.0EPSS: 79%CPEs: 2EXPL: 4CVE-2004-0380 – Microsoft Internet Explorer 5.0.1 - ITS Protocol Zone Bypass (MS04-013)
https://notcve.org/view.php?id=CVE-2004-0380
06 Apr 2004 — The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability." El Manejador del protocolo MHTML en Microsoft Outlook Express 5.5 SP2 a Outlook Expre... • https://www.exploit-db.com/exploits/23695 •
CVSS: 6.5EPSS: 11%CPEs: 6EXPL: 0CVE-2004-0284
https://notcve.org/view.php?id=CVE-2004-0284
18 Mar 2004 — Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name. Microsoft Internet Explorer 6.0, Outlook 2002, y Outlook 2003 permiten a atacantes remotos causar una denegación de servicio (consumición de CPU) si está desactivado "No guardar las páginas cifradas en el disco), mediante un sitio w... • http://marc.info/?l=bugtraq&m=107643134712133&w=2 •
CVSS: 8.8EPSS: 34%CPEs: 4EXPL: 3CVE-2003-1378 – Microsoft Outlook2000/Express 6.0 - Arbitrary Program Execution
https://notcve.org/view.php?id=CVE-2003-1378
31 Dec 2003 — Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077. • https://www.exploit-db.com/exploits/22280 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2003-0300
https://notcve.org/view.php?id=CVE-2003-0300
15 May 2003 — The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors. El cliente IMAP para Sylpheed 0.8.11 permite que servidores IMAP remotos dañinos originen una denegación de servicio (caída) mediante ciertos tamaños literales muy largos que causan desbordamientos de búfer de enteros. • http://marc.info/?l=bugtraq&m=105294024124163&w=2 •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 0CVE-2003-0301
https://notcve.org/view.php?id=CVE-2003-0301
15 May 2003 — The IMAP Client for Outlook Express 6.00.2800.1106 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors. El cliente IMAP para Outlook Express 6.00.2800.1106 permite que servidores IMAP dañinos provoquen una denegación de servicio (caída) mediante ciertos valores literales muy grandes que provocan errores de desbordamiento de enteros. • http://marc.info/?l=bugtraq&m=105294024124163&w=2 •
CVSS: 7.5EPSS: 4%CPEs: 3EXPL: 0CVE-2003-0007
https://notcve.org/view.php?id=CVE-2003-0007
07 Feb 2003 — Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure." Microsoft Outllok no maneja adecuadamente las peticiones para cifrar mensajes con un certificados de Seguridad de Exchange Server V1, lo que hace que Outlook envíe el mensaje en texto plano, también conocida com... • http://www.securityfocus.com/bid/6667 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2002-1696
https://notcve.org/view.php?id=CVE-2002-1696
31 Dec 2002 — Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Always use Secure Viewer when decrypting" option is not checked, and the user replies to an encrypted message. • http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0201&L=ntbugtraq&F=P&S=&P=528 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 5.0EPSS: 8%CPEs: 2EXPL: 0CVE-2002-2100
https://notcve.org/view.php?id=CVE-2002-2100
31 Dec 2002 — Microsoft Outlook 2002 allows remote attackers to embed bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content. • http://archives.neohapsis.com/archives/bugtraq/2002-03/0267.html •
CVSS: 7.5EPSS: 16%CPEs: 1EXPL: 0CVE-2002-2101
https://notcve.org/view.php?id=CVE-2002-2101
31 Dec 2002 — Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag. • http://archives.neohapsis.com/archives/bugtraq/2002-03/0267.html •