CVSS: 9.3 • EPSS: 95% • CPEs: 5 • EXPL: 1

Double free vulnerability in Microsoft Outlook 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to execute arbitrary code by including many nested S/MIME certificates in an e-mail message, aka "Message Certificate Vulnerability."

http://blogs.technet.com/b/srd/archive/2013/09/10/assessing-risk-for-the-september-2013-security-updates.aspx
http://blogs.technet.com/b/srd/archive/2013/09/10/ms13-068-a-difficult-to-exploit-double-free-in-outlook.aspx
http://www.us-cert.gov/ncas/alerts/TA13-253A
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-068
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18857

CWE-399: Resource Management Errors

CVSS: 9.3 • EPSS: 24% • CPEs: 3 • EXPL: 0

Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability."

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-064
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7125

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 6.8 • EPSS: 5% • CPEs: 3 • EXPL: 4

Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule.

https://www.exploit-db.com/exploits/14285
http://sites.google.com/site/tentacoloviola/pwning-corporate-webmails
http://www.exploit-db.com/exploits/14285
http://www.securityfocus.com/bid/41462
https://exchange.xforce.ibmcloud.com/vulnerabilities/60164

CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.3 • EPSS: 97% • CPEs: 8 • EXPL: 4

Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability."

https://www.exploit-db.com/exploits/16700
https://www.exploit-db.com/exploits/16699
http://www.us-cert.gov/cas/techalerts/TA10-194A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-045
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11623
http://www.akitasecurity.nl/advisory.php?id=AK20091001
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/email/ms10_045_outlook_ref_resolve.rb
https&

CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.3 • EPSS: 81% • CPEs: 19 • EXPL: 0

Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary free," aka "Word Memory Corruption Vulnerability."

http://www.coresecurity.com/content/word-arbitrary-free
http://www.coresecurity.com/files/attachments/CORE-2008-0228-Word.pdf
http://www.securityfocus.com/archive/1/499086/100/0/threaded
http://www.securitytracker.com/id?1021370
http://www.us-cert.gov/cas/techalerts/TA08-344A.html
http://www.vupen.com/english/advisories/2008/3384
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072
https://oval.cisecurity.org/repository/search/definition/oval

CWE-94: Improper Control of Generation of Code ('Code Injection')