threat
engine
.sh
Back
·
··:··
Home
/
Product
/
microsoft outlook express
Product
microsoft outlook express
45 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2010-3147
all versions
Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows
CVE-2010-0816
all versions
Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3,
CVE-2008-5424
all versions
The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multip
CVE-2008-1448
all versions
The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assig
CVE-2007-3897
<= 6.0
Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Tran
CVE-2007-4040
all versions
Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote
8.8
HIGH
CVE-2007-2227
all versions
The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Dispo
CVE-2007-2225
all versions
A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when pr
CVE-2006-2386
all versions
Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a craft
CVE-2006-2111
all versions
A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information
CVE-2006-0014
all versions
Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Add
CVE-2005-2226
all versions
Microsoft Outlook Express 6.0 leaks the default news server account when a user responds to a "watched" conversation thread, which
CVE-2005-1213
all versions
Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malici
CVE-2004-2694
all versions
Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources
CVE-2004-2137
all versions
Outlook Express 6.0, when sending multipart e-mail messages using the "Break apart messages larger than" setting, leaks the BCC re
CVE-2004-0526
all versions
Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF ta
CVE-2004-0215
all versions
Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail heade
CVE-2004-0380
all versions
The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass do
CVE-2003-1378
all versions
Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute ar
CVE-2003-0301
all versions
The IMAP Client for Outlook Express 6.00.2800.1106 allows remote malicious IMAP servers to cause a denial of service (crash) via c
CVE-2003-0300
all versions
The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large li
CVE-2002-2202
all versions
Outlook Express 6.0 does not delete messages from dbx files, even when a user empties the Deleted items folder, which allows local
CVE-2002-2164
all versions
Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (crash) via a
CVE-2002-1179
all versions
Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook Express 5.5 and 6.0 allows remote attackers to execute arbit
CVE-2002-0862
all versions
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Micros
CVE-2002-0285
all versions
Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/l
CVE-2002-0152
all versions
Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or ex
CVE-2001-1547
all versions
Outlook Express 6.0, with "Do not allow attachments to be saved or opened that could potentially be a virus" enabled, does not blo
CVE-2001-0945
all versions
Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh allows remote attackers to cause a denial of service via an e-ma
CVE-2001-0999
all versions
Outlook Express 6.00 allows remote attackers to execute arbitrary script by embedding SCRIPT tags in a message whose MIME content
CVE-2001-1088
all versions
Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address
CVE-2001-0322
all versions
MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, allows remote attackers to cause a denial of service (applica
CVE-2001-0145
all versions
Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook Express 5.x, allows an attacker to execute arbitrary commands
CVE-2001-1325
all versions
Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is
CVE-2000-0653
all versions
Microsoft Outlook Express allows remote attackers to monitor a user's email by creating a persistent browser link to the Outlook E
CVE-2000-0621
all versions
Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via
CVE-2000-0567
all versions
Buffer overflow in Microsoft Outlook and Outlook Express allows remote attackers to execute arbitrary commands via a long Date fie
CVE-2000-0415
all versions
Buffer overflow in Outlook Express 4.x allows attackers to cause a denial of service via a mail or news message that has a .jpg or
CVE-2000-0105
all versions
Outlook Express 5.01 and Internet Explorer 5.01 allow remote attackers to view a user's email messages via a script that accesses
CVE-2000-0036
all versions
Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vuln
CVE-2000-0329
all versions
A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script
CVE-1999-1016
all versions
Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and pos
CVE-1999-1164
all versions
Microsoft Outlook client allows remote attackers to cause a denial of service by sending multiple email messages with the same X-U
CVE-1999-1033
<= 4.72.3612.1700
Microsoft Outlook Express before 4.72.3612.1700 allows a malicious user to send a message that contains a .., which can inadverten
CVE-1999-0967
all versions
Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource p
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin