8 results (0.010 seconds)

CVSS: 5.0EPSS: 4%CPEs: 32EXPL: 2

Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack. Versiones desconocidas de Internet Explorer y Outlook permiten a atacantes remotos suplantar URL legítimas en la barra de estado mediante etiquetas A HREF con valores "alt" modificados que apuntan al sitio legítimo, combinado con un mapa de imagen cuyo HREF apunta al sitio malicioso, lo que facilita ataques de suplantación para robo de datos (phising). • https://www.exploit-db.com/exploits/24102 http://archives.neohapsis.com/archives/bugtraq/2004-05/0161.html http://marc.info/?l=bugtraq&m=108422905510713&w=2 http://www.kurczaba.com/securityadvisories/0405132poc.htm http://www.securityfocus.com/bid/10308 https://exchange.xforce.ibmcloud.com/vulnerabilities/16102 •

CVSS: 10.0EPSS: 5%CPEs: 1EXPL: 2

Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page. • https://www.exploit-db.com/exploits/21004 https://www.exploit-db.com/exploits/21003 http://marc.info/?l=bugtraq&m=99496431214078&w=2 http://www.ciac.org/ciac/bulletins/l-113.shtml http://www.kb.cert.org/vuls/id/131569 http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0107&L=ntbugtraq&F=P&S=&P=862 http://www.securityfocus.com/bid/3025 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-038 https://exchange.xforce.ibmcloud.co •

CVSS: 7.5EPSS: 3%CPEs: 11EXPL: 3

Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user. • https://www.exploit-db.com/exploits/20899 http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq234241 http://www.securityfocus.com/archive/1/188752 http://www.securityfocus.com/bid/2823 https://exchange.xforce.ibmcloud.com/vulnerabilities/6655 •

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

The Microsoft Outlook mail client identifies the physical path of the sender's machine within a winmail.dat attachment to Rich Text Format (RTF) files. • http://www.securityfocus.com/archive/1/201422 http://www.securityfocus.com/archive/1/78240 http://www.securityfocus.com/bid/1631 https://exchange.xforce.ibmcloud.com/vulnerabilities/5508 •

CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0

Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability. • http://www.cert.org/advisories/CA-2000-14.html http://www.securityfocus.com/bid/1501 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-046 https://exchange.xforce.ibmcloud.com/vulnerabilities/5013 •