CVSS: 9.3EPSS: 49%CPEs: 19EXPL: 5CVE-2010-3147 – Microsoft Address Book 6.00.2900.5512 - 'wab32res.dll' DLL Hijacking
https://notcve.org/view.php?id=CVE-2010-3147
27 Aug 2010 — Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the codebase for t... • https://www.exploit-db.com/exploits/14745 •
CVSS: 9.3EPSS: 55%CPEs: 35EXPL: 4CVE-2010-0816 – Microsoft Windows Outlook Express and Windows Mail - Integer Overflow
https://notcve.org/view.php?id=CVE-2010-0816
12 May 2010 — Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka "Outlo... • https://www.exploit-db.com/exploits/12564 • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 28%CPEs: 1EXPL: 1CVE-2008-5424
https://notcve.org/view.php?id=CVE-2008-5424
11 Dec 2008 — The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (infinite loop) via a large e-mail message, a related issue to CVE-2006-1173. La función MimeOleClearDirtyTree en InetComm.dll en Microsoft Outlook Express v6.00.2900.5512 no gestiona apropiad... • http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro • CWE-399: Resource Management Errors •
CVSS: 7.1EPSS: 46%CPEs: 4EXPL: 0CVE-2008-1448
https://notcve.org/view.php?id=CVE-2008-1448
13 Aug 2008 — The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability." El manejador de protocolo MHTML en un componente de Outlook Express versiones 5.5 SP2 y 6 hasta ... • http://marc.info/?l=bugtraq&m=121915960406986&w=2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 64%CPEs: 3EXPL: 0CVE-2007-3897
https://notcve.org/view.php?id=CVE-2007-3897
09 Oct 2007 — Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption. Un desbordamiento de búfer en la región heap de la memoria en Microsoft Outlook Express versión 6 y anteriores, y Windows Mail para Vista, permite que los servidores remotos de Network News Transfer Protocol (NNTP) ejecuten código arbitrario por medio de las respuestas N... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 7%CPEs: 2EXPL: 0CVE-2007-4040
https://notcve.org/view.php?id=CVE-2007-4040
27 Jul 2007 — Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670. Vulnerabilidad de inyección de argumento involucrando a Microsoft Outlook y Outlook Express, cuando determinados URIS se han registrado, pe... • http://larholm.com/2007/07/25/mozilla-protocol-abuse • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 51%CPEs: 12EXPL: 0CVE-2007-2227
https://notcve.org/view.php?id=CVE-2007-2227
12 Jun 2007 — The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability." El manejador de protocolo MHTML en Microsoft Outlook Express 6 y Windows Mail en Windows Vista no maneja adecuadamente "notificaciones" de disposición de contenido (Content-... • http://archive.openmya.devnull.jp/2007.06/msg00060.html •
CVSS: 4.3EPSS: 49%CPEs: 12EXPL: 0CVE-2007-2225
https://notcve.org/view.php?id=CVE-2007-2225
12 Jun 2007 — A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability." Un componente en Microsoft Outlook Express 6 y windows Mail en Windows Vista no maneja adecuadamente determinadas cabeceras HTTP cuado procesa URLs del protocolo MHTML, lo cual permit... • http://archive.openmya.devnull.jp/2007.06/msg00060.html •
CVSS: 7.8EPSS: 56%CPEs: 4EXPL: 0CVE-2006-2386
https://notcve.org/view.php?id=CVE-2006-2386
13 Dec 2006 — Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file. Vulnerabilidad sin especificar en el Microsoft Outlook Express 6 y versiones anteriores, permite a atacantes remotos ejecutar código de su elección a través de un registro de contactos modificado en el fichero Windows Address Book (WAB). • http://secunia.com/advisories/23311 •
CVSS: 4.7EPSS: 39%CPEs: 1EXPL: 4CVE-2006-2111 – Outlook Express 5.5/6.0 / Windows Mail - MHTML URI Handler Information Disclosure
https://notcve.org/view.php?id=CVE-2006-2111
01 May 2006 — A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cross Domain Information Disclosure Vulnerability." • https://www.exploit-db.com/exploits/27745 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •