Search Results (46 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2000-0105 1 Microsoft 1 Outlook Express 2026-04-16 N/A
Outlook Express 5.01 and Internet Explorer 5.01 allow remote attackers to view a user's email messages via a script that accesses a variable that references subsequent email messages that are read by the client.
CVE-2000-0653 1 Microsoft 1 Outlook Express 2026-04-16 N/A
Microsoft Outlook Express allows remote attackers to monitor a user's email by creating a persistent browser link to the Outlook Express windows, aka the "Persistent Mail-Browser Link" vulnerability.
CVE-2004-2694 1 Microsoft 1 Outlook Express 2026-04-16 N/A
Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to "_top".
CVE-2001-1325 1 Microsoft 2 Internet Explorer, Outlook Express 2026-04-16 N/A
Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets (XSL) that are referenced using an IFRAME tag, possibly due to a vulnerability in Windows Scripting Host (WSH).
CVE-2005-4840 1 Microsoft 2 Internet Explorer, Outlook Express Book Control 2026-04-16 N/A
The Outlook Express Address Book control, when using Internet Explorer 6, allows remote attackers to cause a denial of service (NULL dereference and browser crash) by creating the OutlookExpress.AddressBook COM object, which is not intended for use within Internet Explorer.
CVE-2002-2164 1 Microsoft 1 Outlook Express 2026-04-16 N/A
Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (crash) via a long <A HREF> link.
CVE-1999-1033 1 Microsoft 1 Outlook Express 2026-04-16 N/A
Microsoft Outlook Express before 4.72.3612.1700 allows a malicious user to send a message that contains a .., which can inadvertently cause Outlook to re-enter POP3 command mode and cause the POP3 session to hang.
CVE-2001-0999 1 Microsoft 1 Outlook Express 2026-04-16 N/A
Outlook Express 6.00 allows remote attackers to execute arbitrary script by embedding SCRIPT tags in a message whose MIME content type is text/plain, contrary to the expected behavior that text/plain messages will not run script.
CVE-2001-0145 1 Microsoft 2 Outlook, Outlook Express 2026-04-16 N/A
Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook Express 5.x, allows an attacker to execute arbitrary commands via a malformed vCard birthday field.
CVE-2001-0945 1 Microsoft 1 Outlook Express 2026-04-16 N/A
Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh allows remote attackers to cause a denial of service via an e-mail message that contains a long line.
CVE-2002-0285 1 Microsoft 1 Outlook Express 2026-04-16 N/A
Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers.
CVE-2005-2226 1 Microsoft 1 Outlook Express 2026-04-16 N/A
Microsoft Outlook Express 6.0 leaks the default news server account when a user responds to a "watched" conversation thread, which could allow remote attackers to obtain sensitive information.
CVE-2004-2137 1 Microsoft 1 Outlook Express 2026-04-16 N/A
Outlook Express 6.0, when sending multipart e-mail messages using the "Break apart messages larger than" setting, leaks the BCC recipients of the message to the addresses listed in the To and CC fields, which may allow remote attackers to obtain sensitive information.
CVE-2000-0329 1 Microsoft 4 Ie, Internet Explorer, Outlook and 1 more 2026-04-16 N/A
A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability.
CVE-2004-0380 1 Microsoft 1 Outlook Express 2026-04-16 N/A
The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."
CVE-2004-0526 1 Microsoft 4 Ie, Internet Explorer, Outlook and 1 more 2026-04-16 N/A
Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.
CVE-2006-0014 1 Microsoft 1 Outlook Express 2026-04-16 N/A
Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values.
CVE-2000-0621 1 Microsoft 2 Outlook, Outlook Express 2026-04-16 N/A
Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.
CVE-2006-2111 1 Microsoft 1 Outlook Express 2026-04-16 N/A
A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cross Domain Information Disclosure Vulnerability."
CVE-2000-0036 1 Microsoft 2 Ie, Outlook Express 2026-04-16 N/A
Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability.