CVSS: 5.1 | EPSS: 49% | CPEs: 5 | EXPL: 0

Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Microsoft Windows operating system. User interaction is required to exploit this vulnerability. The specific flaw exists during the parsing of malformed Windows Address Book (.WAB) files. Modification of the length value of certain Unicode strings within this file format results in an exploitable heap corruption.
• http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045003.html
• http://secunia.com/advisories/19617
• http://securityreason.com/securityalert/691
• http://securitytracker.com/id?1015898
• http://www.securityfocus.com/archive/1/430645/100/0/threaded
• http://www.securityfocus.com/bid/17459
• http://www.vupen.com/english/advisories/2006/1321
• http://www.zerodayinitiative.com/advisories/ZDI-06-007.html
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-016
• https:

CVSS: 4.3 | EPSS: 84% | CPEs: 2 | EXPL: 0

The Outlook Express Address Book control, when using Internet Explorer 6, allows remote attackers to cause a denial of service (NULL dereference and browser crash) by creating the OutlookExpress.AddressBook COM object, which is not intended for use within Internet Explorer.
• http://browserfun.blogspot.com/2006/07/mobb-3-outlookexpressaddressbook_02.html
• http://www.osvdb.org/26836
• http://www.securityfocus.com/archive/1/391803
• http://www.securityfocus.com/archive/1/470694/100/0/threaded
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34755
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 5.0 | EPSS: 0% | CPEs: 3 | EXPL: 0

Microsoft Outlook Express 6.0 leaks the default news server account when a user responds to a "watched" conversation thread, which could allow remote attackers to obtain sensitive information.
• http://support.microsoft.com/default.aspx/kb/900930
• http://www.securityfocus.com/bid/14225

CVSS: 7.5 | EPSS: 97% | CPEs: 3 | EXPL: 2

Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.
• https://www.exploit-db.com/exploits/1066
• https://www.exploit-db.com/exploits/16379
• http://securitytracker.com/id?1014200
• http://www.idefense.com/application/poi/display?id=263&type=vulnerabilities
• http://www.kb.cert.org/vuls/id/130614
• http://www.securityfocus.com/bid/13951
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-030
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1088
• https://oval.cisecurity.org/repository/sea

CVSS: 5.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to "_top".
• http://marc.info/?l=bugtraq&m=108448627120764&w=2
• http://secunia.com/advisories/11607
• http://www.osvdb.org/6121
• CWE-264: Permissions, Privileges, and Access Controls