CVSS: 7.5EPSS: 4%CPEs: 15EXPL: 0CVE-2002-0152
https://notcve.org/view.php?id=CVE-2002-0152
Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh. Desbordamiento de buffer en varias aplicaciones de Microsoft para Macintosht permite a atacantes remotos causar una denegación de servicio (caída) o ejecutar código arbitrario invocando la directiva file:// con un número grande de caracteres /. • http://marc.info/?l=bugtraq&m=101897994314015&w=2 http://www.iss.net/security_center/static/8850.php http://www.osvdb.org/5357 http://www.securityfocus.com/bid/4517 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019 •
CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 0CVE-2001-1547
https://notcve.org/view.php?id=CVE-2001-1547
Outlook Express 6.0, with "Do not allow attachments to be saved or opened that could potentially be a virus" enabled, does not block email attachments from forwarded messages, which could allow remote attackers to execute arbitrary code. • http://www.iss.net/security_center/static/7670.php http://www.securityfocus.com/archive/1/243869 http://www.windows-help.net/microsoft/oe6-attach.html •
CVSS: 5.0EPSS: 2%CPEs: 3EXPL: 0CVE-2001-0945
https://notcve.org/view.php?id=CVE-2001-0945
Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh allows remote attackers to cause a denial of service via an e-mail message that contains a long line. • http://marc.info/?l=bugtraq&m=100741295502017&w=2 http://www.iss.net/security_center/static/7648.php http://www.securityfocus.com/bid/3611 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2001-0999
https://notcve.org/view.php?id=CVE-2001-0999
Outlook Express 6.00 allows remote attackers to execute arbitrary script by embedding SCRIPT tags in a message whose MIME content type is text/plain, contrary to the expected behavior that text/plain messages will not run script. • http://www.securityfocus.com/archive/1/213754 http://www.securityfocus.com/archive/1/214453 http://www.securityfocus.com/bid/3334 https://exchange.xforce.ibmcloud.com/vulnerabilities/7118 •
CVSS: 7.5EPSS: 3%CPEs: 11EXPL: 3CVE-2001-1088 – Microsoft Outlook 97/98/2000/4/5 - Address Book Spoofing
https://notcve.org/view.php?id=CVE-2001-1088
Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user. • https://www.exploit-db.com/exploits/20899 http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq234241 http://www.securityfocus.com/archive/1/188752 http://www.securityfocus.com/bid/2823 https://exchange.xforce.ibmcloud.com/vulnerabilities/6655 •