CVSS: 8.8EPSS: 41%CPEs: 5EXPL: 0CVE-2006-0014 – Microsoft Windows Address Book (WAB) File Format Parsing Vulnerability
https://notcve.org/view.php?id=CVE-2006-0014
11 Apr 2006 — Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Microsoft Windows operating system. User interaction is required to exploit this vulnerability. The specific flaw exists during the parsing of malformed Windows Address Book (.WAB) files. Modificatio... • http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045003.html •
CVSS: 6.5EPSS: 28%CPEs: 2EXPL: 0CVE-2005-4840
https://notcve.org/view.php?id=CVE-2005-4840
31 Dec 2005 — The Outlook Express Address Book control, when using Internet Explorer 6, allows remote attackers to cause a denial of service (NULL dereference and browser crash) by creating the OutlookExpress.AddressBook COM object, which is not intended for use within Internet Explorer. • http://browserfun.blogspot.com/2006/07/mobb-3-outlookexpressaddressbook_02.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 35%CPEs: 3EXPL: 0CVE-2005-2226
https://notcve.org/view.php?id=CVE-2005-2226
12 Jul 2005 — Microsoft Outlook Express 6.0 leaks the default news server account when a user responds to a "watched" conversation thread, which could allow remote attackers to obtain sensitive information. • http://support.microsoft.com/default.aspx/kb/900930 •
CVSS: 9.8EPSS: 83%CPEs: 3EXPL: 2CVE-2005-1213 – Microsoft Outlook Express - NNTP Buffer Overflow (MS05-030)
https://notcve.org/view.php?id=CVE-2005-1213
14 Jun 2005 — Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field. • https://www.exploit-db.com/exploits/1066 •
CVSS: 5.3EPSS: 39%CPEs: 2EXPL: 0CVE-2004-2137
https://notcve.org/view.php?id=CVE-2004-2137
31 Dec 2004 — Outlook Express 6.0, when sending multipart e-mail messages using the "Break apart messages larger than" setting, leaks the BCC recipients of the message to the addresses listed in the To and CC fields, which may allow remote attackers to obtain sensitive information. • http://secunia.com/advisories/12376 •
CVSS: 6.5EPSS: 17%CPEs: 1EXPL: 0CVE-2004-2694
https://notcve.org/view.php?id=CVE-2004-2694
31 Dec 2004 — Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to "_top". • http://marc.info/?l=bugtraq&m=108448627120764&w=2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 33%CPEs: 5EXPL: 0CVE-2004-0215
https://notcve.org/view.php?id=CVE-2004-0215
14 Jul 2004 — Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header. Microsoft Outlook Express 5.5 y 6 permiten a atacantes causar una denegación de servicio (caída de la aplicación) mediante una cabecera de correo electrónico malformada. • http://www.kb.cert.org/vuls/id/869640 •
CVSS: 6.5EPSS: 51%CPEs: 32EXPL: 2CVE-2004-0526 – Microsoft Internet Explorer 4/5/6 - Embedded Image URI Obfuscation
https://notcve.org/view.php?id=CVE-2004-0526
08 Jun 2004 — Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack. Versiones desconocidas de Internet Explorer y Outlook permiten a atacantes remotos suplantar URL legítimas en la barra de estado mediante etiquetas A HREF con valores "alt" modificados que apuntan al sitio legí... • https://www.exploit-db.com/exploits/24102 •
CVSS: 10.0EPSS: 79%CPEs: 2EXPL: 4CVE-2004-0380 – Microsoft Internet Explorer 5.0.1 - ITS Protocol Zone Bypass (MS04-013)
https://notcve.org/view.php?id=CVE-2004-0380
06 Apr 2004 — The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability." El Manejador del protocolo MHTML en Microsoft Outlook Express 5.5 SP2 a Outlook Expre... • https://www.exploit-db.com/exploits/23695 •
CVSS: 8.8EPSS: 34%CPEs: 4EXPL: 3CVE-2003-1378 – Microsoft Outlook2000/Express 6.0 - Arbitrary Program Execution
https://notcve.org/view.php?id=CVE-2003-1378
31 Dec 2003 — Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077. • https://www.exploit-db.com/exploits/22280 • CWE-264: Permissions, Privileges, and Access Controls •