Microsoft Outlook Express — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Outlook Express, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (45)
CVE-2004-0380 — CVSS 10.0 (critical): The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain…
CVE-1999-0967 — CVSS 10.0 (critical): Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource protocol.
CVE-2010-3147 — CVSS 9.3 (critical): Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server…
CVE-2010-0816 — CVSS 9.3 (critical): Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows…
CVE-2007-3897 — CVSS 9.3 (critical): Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer…
CVE-2003-1378 — CVSS 8.8 (high): Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary…
CVE-2007-4040 — CVSS 8.8 (high): Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers…
CVE-2001-0145 — CVSS 7.5 (high): Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook Express 5.x, allows an attacker to execute arbitrary commands via a…
CVE-2000-0621 — CVSS 7.5 (high): Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a…
CVE-2001-0999 — CVSS 7.5 (high): Outlook Express 6.00 allows remote attackers to execute arbitrary script by embedding SCRIPT tags in a message whose MIME content type is…
CVE-2001-1088 — CVSS 7.5 (high): Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book"…
CVE-2005-1213 — CVSS 7.5 (high): Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP…
CVE-2001-1325 — CVSS 7.5 (high): Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled…
CVE-2001-1547 — CVSS 7.5 (high): Outlook Express 6.0, with "Do not allow attachments to be saved or opened that could potentially be a virus" enabled, does not block email…
CVE-2002-0152 — CVSS 7.5 (high): Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute…
CVE-2002-0285 — CVSS 7.5 (high): Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed…
CVE-2002-1179 — CVSS 7.5 (high): Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook Express 5.5 and 6.0 allows remote attackers to execute arbitrary code…
CVE-2008-1448 — CVSS 7.1 (high): The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the…
CVE-2002-0862 — CVSS 6.8 (medium): The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft…
CVE-2006-2386 — CVSS 6.8 (medium): Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted…
CVE-2004-2694 — CVSS 5.8 (medium): Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the…
CVE-2000-0329 — CVSS 5.1 (medium): A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an…
CVE-2006-0014 — CVSS 5.1 (medium): Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book…
CVE-2004-0215 — CVSS 5.0 (medium): Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header.
CVE-1999-1016 — CVSS 5.0 (medium): Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly…
CVE-1999-1033 — CVSS 5.0 (medium): Microsoft Outlook Express before 4.72.3612.1700 allows a malicious user to send a message that contains a .., which can inadvertently cause…
CVE-1999-1164 — CVSS 5.0 (medium): Microsoft Outlook client allows remote attackers to cause a denial of service by sending multiple email messages with the same X-UIDL…
CVE-2000-0036 — CVSS 5.0 (medium): Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability.
CVE-2000-0105 — CVSS 5.0 (medium): Outlook Express 5.01 and Internet Explorer 5.01 allow remote attackers to view a user's email messages via a script that accesses a…
CVE-2000-0415 — CVSS 5.0 (medium): Buffer overflow in Outlook Express 4.x allows attackers to cause a denial of service via a mail or news message that has a .jpg or .bmp…
CVE-2000-0567 — CVSS 5.0 (medium): Buffer overflow in Microsoft Outlook and Outlook Express allows remote attackers to execute arbitrary commands via a long Date field in an…
CVE-2000-0653 — CVSS 5.0 (medium): Microsoft Outlook Express allows remote attackers to monitor a user's email by creating a persistent browser link to the Outlook Express…
CVE-2001-0322 — CVSS 5.0 (medium): MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, allows remote attackers to cause a denial of service (application…
CVE-2001-0945 — CVSS 5.0 (medium): Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh allows remote attackers to cause a denial of service via an e-mail…
CVE-2002-2164 — CVSS 5.0 (medium): Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (crash) via a long <A…
CVE-2003-0300 — CVSS 5.0 (medium): The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal…
CVE-2003-0301 — CVSS 5.0 (medium): The IMAP Client for Outlook Express 6.00.2800.1106 allows remote malicious IMAP servers to cause a denial of service (crash) via certain…
CVE-2004-0526 — CVSS 5.0 (medium): Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with…
CVE-2004-2137 — CVSS 5.0 (medium): Outlook Express 6.0, when sending multipart e-mail messages using the "Break apart messages larger than" setting, leaks the BCC recipients…
CVE-2005-2226 — CVSS 5.0 (medium): Microsoft Outlook Express 6.0 leaks the default news server account when a user responds to a "watched" conversation thread, which could…
CVE-2007-2227 — CVSS 4.3 (medium): The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition…
CVE-2007-2225 — CVSS 4.3 (medium): A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing…
CVE-2008-5424 — CVSS 4.3 (medium): The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed…
CVE-2006-2111 — CVSS 4.3 (medium): A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via…
CVE-2002-2202 — CVSS 3.8 (low): Outlook Express 6.0 does not delete messages from dbx files, even when a user empties the Deleted items folder, which allows local users to…