CVSS: 5.5EPSS: 11%CPEs: 4EXPL: 1CVE-2017-0204
https://notcve.org/view.php?id=CVE-2017-0204
12 Apr 2017 — Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to bypass the Office Protected View via a specially crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability." Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP1 y Microsoft Outlook 2016 permiten a los atacantes remotos eludir Office Protected View a través de un documento especialmente manipulado, vulnerabilidad también conocida como "Microsoft Offic... • https://github.com/ryhanson/CVE-2017-0204 •
CVSS: 6.5EPSS: 11%CPEs: 1EXPL: 0CVE-2017-0207
https://notcve.org/view.php?id=CVE-2017-0207
12 Apr 2017 — Microsoft Outlook for Mac 2011 allows remote attackers to spoof web content via a crafted email with specific HTML tags, aka "Microsoft Browser Spoofing Vulnerability." Microsoft Outlook para Mac 2011 permite a atacantes remotos suplantar contenido web a través de un correo electrónico manipulado con etiquetas HTML específicas, vulnerabilidad también conocido como "Microsoft Browser Spoofing Vulnerability". • http://www.securityfocus.com/bid/97463 •
CVSS: 6.5EPSS: 15%CPEs: 4EXPL: 0CVE-2016-3366
https://notcve.org/view.php?id=CVE-2016-3366
14 Sep 2016 — Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, Outlook 2016, and Outlook 2016 for Mac do not properly implement RFC 2046, which allows remote attackers to bypass virus or spam detection via crafted MIME data in an e-mail attachment, aka "Microsoft Office Spoofing Vulnerability." Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, Outlook 2016 y Outlook 2016 para Mac no implementa adecuadamente el RFC 2046, lo que permite a atacantes remo... • http://www.securityfocus.com/bid/92831 • CWE-284: Improper Access Control •
CVSS: 9.3EPSS: 25%CPEs: 4EXPL: 0CVE-2016-3278
https://notcve.org/view.php?id=CVE-2016-3278
13 Jul 2016 — Microsoft Outlook 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." Microsoft Outlook 2010 SP2, 2013 SP1, 2013 RT SP1 y 2016 permite a atacantes remotos ejecutar código arbitrario a través de un documento de Office manipulado, también conocida como "Microsoft Office Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/91574 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 21%CPEs: 6EXPL: 0CVE-2016-0028
https://notcve.org/view.php?id=CVE-2016-0028
16 Jun 2016 — Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, Cumulative Update 11, and Cumulative Update 12 and 2016 Gold and Cumulative Update 1 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, aka "Microsoft Exchange Information Disclosure Vulnerability." Outlook Web Access (OWA) en Microsoft Exchange Server 2013 SP1, Cumulative Update 11 y Cumulative Update 12 y 2016 Gold y Cumulative Update 1 no restringe ... • http://www.securitytracker.com/id/1036106 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 93%CPEs: 12EXPL: 1CVE-2015-1641 – Microsoft Office Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2015-1641
14 Apr 2015 — Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability." Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compa... • https://github.com/Cyberclues/rtf_exploit_extractor • CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 5%CPEs: 5EXPL: 0CVE-2014-5239 – Outlook.com for Android Failed Validation
https://notcve.org/view.php?id=CVE-2014-5239
14 Aug 2014 — The Microsoft Outlook.com application before 7.8.2.12.49.7090 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. La aplicación Microsoft Outlook.com anterior a 7.8.2.12.49.7090 para Android no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores y obtener información sensible a través de un certificado manipul... • http://jvn.jp/en/jp/JVN72950786/index.html • CWE-310: Cryptographic Issues •
CVSS: 5.0EPSS: 12%CPEs: 8EXPL: 0CVE-2013-3905
https://notcve.org/view.php?id=CVE-2013-3905
13 Nov 2013 — Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT does not properly expand metadata contained in S/MIME certificates, which allows remote attackers to obtain sensitive network configuration and state information via a crafted certificate in an e-mail message, aka "S/MIME AIA Vulnerability." Microsoft Outlook 2007 SP3, 2010 SP1 y SP2, 2013, y 2013 RT no expande adecuadamente los metadatos contenidos en certificados S/MIME, lo que permite a atacantes remotos obtener configuración de red sensible... • http://www.us-cert.gov/ncas/alerts/TA13-317A • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 32%CPEs: 5EXPL: 1CVE-2013-3870 – Microsoft CryptoAPI / Outlook 2007-2013 Design Bug
https://notcve.org/view.php?id=CVE-2013-3870
11 Sep 2013 — Double free vulnerability in Microsoft Outlook 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to execute arbitrary code by including many nested S/MIME certificates in an e-mail message, aka "Message Certificate Vulnerability." Vulnerabilidad de doble liberación en Microsoft Outlook 2007 (SP3) y 2010 (SP1 y SP2) permite a atacantes remotos ejecutar código a discrección incluyendo varios certificados S/MIME anidados en un mensaje de correo electrónico, tambien conocido como "Vulnerabilidad de Certific... • http://blogs.technet.com/b/srd/archive/2013/09/10/assessing-risk-for-the-september-2013-security-updates.aspx • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 28%CPEs: 3EXPL: 0CVE-2010-2728
https://notcve.org/view.php?id=CVE-2010-2728
15 Sep 2010 — Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability." Desbordamiento de búfer basado en memoria dinámica en Microsoft Outlook 2002 SP3, 2003 SP3, y 2007 SP2, cuando está habilitado el Online Mode para Exchange Server, permite a los atacantes remotos ejecutar código a su elección a través de u... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-064 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •