CVE-2001-0538 – Microsoft Outlook 98/2000/2002 - Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2001-0538
Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page. • https://www.exploit-db.com/exploits/21004 https://www.exploit-db.com/exploits/21003 http://marc.info/?l=bugtraq&m=99496431214078&w=2 http://www.ciac.org/ciac/bulletins/l-113.shtml http://www.kb.cert.org/vuls/id/131569 http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0107&L=ntbugtraq&F=P&S=&P=862 http://www.securityfocus.com/bid/3025 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-038 https://exchange.xforce.ibmcloud.co •
CVE-2001-1088 – Microsoft Outlook 97/98/2000/4/5 - Address Book Spoofing
https://notcve.org/view.php?id=CVE-2001-1088
Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user. • https://www.exploit-db.com/exploits/20899 http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq234241 http://www.securityfocus.com/archive/1/188752 http://www.securityfocus.com/bid/2823 https://exchange.xforce.ibmcloud.com/vulnerabilities/6655 •
CVE-2001-0145
https://notcve.org/view.php?id=CVE-2001-0145
Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook Express 5.x, allows an attacker to execute arbitrary commands via a malformed vCard birthday field. • http://www.atstake.com/research/advisories/2001/a022301-1.txt https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-012 •
CVE-2001-0322 – Microsoft Internet Explorer 4 / Outlook 2000/5.5 - 'MSHTML.dll' Crash
https://notcve.org/view.php?id=CVE-2001-0322
MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, allows remote attackers to cause a denial of service (application crash) via a script that creates and deletes an object that is associated with the browser window object. • https://www.exploit-db.com/exploits/20552 http://marc.info/?l=bugtraq&m=97958685100219&w=2 http://www.securityfocus.com/bid/2202 https://exchange.xforce.ibmcloud.com/vulnerabilities/5938 •
CVE-2000-0753
https://notcve.org/view.php?id=CVE-2000-0753
The Microsoft Outlook mail client identifies the physical path of the sender's machine within a winmail.dat attachment to Rich Text Format (RTF) files. • http://www.securityfocus.com/archive/1/201422 http://www.securityfocus.com/archive/1/78240 http://www.securityfocus.com/bid/1631 https://exchange.xforce.ibmcloud.com/vulnerabilities/5508 •