Microsoft: >> Outlook Security Vulnerabilities
The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability.
CVSS Score
7.5
EPSS Score
0.109
Published
2000-05-11
Microsoft email clients in Outlook, Exchange, and Windows Messaging automatically respond to Read Receipt and Delivery Receipt tags, which could allow an attacker to flood a mail system with responses by forging a Read Receipt request that is redirected to a large distribution list.
CVSS Score
5.0
EPSS Score
0.051
Published
2000-02-29
The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft.
CVSS Score
7.6
EPSS Score
0.103
Published
2000-02-21
A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability.
CVSS Score
5.1
EPSS Score
0.08
Published
1999-11-11
Microsoft Outlook client allows remote attackers to cause a denial of service by sending multiple email messages with the same X-UIDL headers, which causes Outlook to hang.
CVSS Score
5.0
EPSS Score
0.069
Published
1999-06-25
The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content.
CVSS Score
4.6
EPSS Score
0.003
Published
1999-01-01
A NETBIOS/SMB share password is the default, null, or missing.
CVSS Score
7.5
EPSS Score
0.087
Published
1997-01-01
Page 12