Microsoft: >> Outlook >> 2000 Security Vulnerabilities
Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.
CVSS Score
7.8
EPSS Score
0.598
Published
2004-07-27
Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
CVSS Score
8.8
EPSS Score
0.345
Published
2003-12-31
Microsoft Outlook 2002 allows remote attackers to embed bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content.
CVSS Score
5.0
EPSS Score
0.082
Published
2002-12-31
Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.
CVSS Score
7.5
EPSS Score
0.164
Published
2002-05-16
Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
CVSS Score
10.0
EPSS Score
0.683
Published
2001-08-14
Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.
CVSS Score
7.5
EPSS Score
0.319
Published
2001-06-05
MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, allows remote attackers to cause a denial of service (application crash) via a script that creates and deletes an object that is associated with the browser window object.
CVSS Score
5.0
EPSS Score
0.15
Published
2001-06-02
Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook Express 5.x, allows an attacker to execute arbitrary commands via a malformed vCard birthday field.
CVSS Score
7.5
EPSS Score
0.097
Published
2001-05-03
The Microsoft Outlook mail client identifies the physical path of the sender's machine within a winmail.dat attachment to Rich Text Format (RTF) files.
CVSS Score
5.0
EPSS Score
0.185
Published
2000-10-20
Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service.
CVSS Score
5.0
EPSS Score
0.117
Published
2000-10-20