Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:microsoft:outlook:2013:-:-:*:-:-:x64:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-35311 |
Microsoft Outlook Security Feature Bypass Vulnerability Published: July 11, 2023; 2:15:17 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2017-17689 |
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. Published: May 16, 2018; 3:29:00 PM -0400 |
V4.0:(not available) V3.0: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-0850 |
Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the format of incoming message is validated, aka "Microsoft Outlook Elevation of Privilege Vulnerability". Published: February 14, 2018; 9:29:03 PM -0500 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2013-3905 |
Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT does not properly expand metadata contained in S/MIME certificates, which allows remote attackers to obtain sensitive network configuration and state information via a crafted certificate in an e-mail message, aka "S/MIME AIA Vulnerability." Published: November 12, 2013; 7:55:02 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2007-4040 |
Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670. Published: July 27, 2007; 6:30:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2006-6659 |
The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML. Published: December 19, 2006; 9:28:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2000-0216 |
Microsoft email clients in Outlook, Exchange, and Windows Messaging automatically respond to Read Receipt and Delivery Receipt tags, which could allow an attacker to flood a mail system with responses by forging a Read Receipt request that is redirected to a large distribution list. Published: February 29, 2000; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2000-0160 |
The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft. Published: February 21, 2000; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.6 HIGH |