Page 2 of 22 results (0.005 seconds)

CVSS: 6.8EPSS: 79%CPEs: 4EXPL: 0

Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file. Vulnerabilidad sin especificar en el Microsoft Outlook Express 6 y versiones anteriores, permite a atacantes remotos ejecutar código de su elección a través de un registro de contactos modificado en el fichero Windows Address Book (WAB). • http://secunia.com/advisories/23311 http://securitytracker.com/id?1017369 http://www.securityfocus.com/archive/1/454969/100/200/threaded http://www.securityfocus.com/bid/21501 http://www.us-cert.gov/cas/techalerts/TA06-346A.html http://www.vupen.com/english/advisories/2006/4969 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-076 https://exchange.xforce.ibmcloud.com/vulnerabilities/29227 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre •

CVSS: 4.3EPSS: 9%CPEs: 1EXPL: 4

A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cross Domain Information Disclosure Vulnerability." • https://www.exploit-db.com/exploits/27745 http://secunia.com/Internet_Explorer_Arbitrary_Content_Disclosure_Vulnerability_Test http://secunia.com/advisories/19738 http://secunia.com/advisories/22477 http://securitytracker.com/id?1016005 http://www.kb.cert.org/vuls/id/783761 http://www.osvdb.org/25073 http://www.securityfocus.com/archive/1/449883/100/200/threaded http://www.securityfocus.com/archive/1/449917/100/0/threaded http://www.securityfocus.com/archive/1/471947/100/0&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.1EPSS: 49%CPEs: 5EXPL: 0

Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Microsoft Windows operating system. User interaction is required to exploit this vulnerability. The specific flaw exists during the parsing of malformed Windows Address Book (.WAB) files. Modification of the length value of certain Unicode strings within this file format results in an exploitable heap corruption. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045003.html http://secunia.com/advisories/19617 http://securityreason.com/securityalert/691 http://securitytracker.com/id?1015898 http://www.securityfocus.com/archive/1/430645/100/0/threaded http://www.securityfocus.com/bid/17459 http://www.vupen.com/english/advisories/2006/1321 http://www.zerodayinitiative.com/advisories/ZDI-06-007.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-016 https: •

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

Microsoft Outlook Express 6.0 leaks the default news server account when a user responds to a "watched" conversation thread, which could allow remote attackers to obtain sensitive information. • http://support.microsoft.com/default.aspx/kb/900930 http://www.securityfocus.com/bid/14225 •

CVSS: 7.5EPSS: 97%CPEs: 3EXPL: 2

Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field. • https://www.exploit-db.com/exploits/1066 https://www.exploit-db.com/exploits/16379 http://securitytracker.com/id?1014200 http://www.idefense.com/application/poi/display?id=263&type=vulnerabilities http://www.kb.cert.org/vuls/id/130614 http://www.securityfocus.com/bid/13951 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-030 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1088 https://oval.cisecurity.org/repository/sea •