Microsoft: >> Outlook >> 3.12.0 Security Vulnerabilities
Microsoft Outlook for iOS Information Disclosure Vulnerability
CVSS Score
6.5
EPSS Score
0.017
Published
2024-09-10
Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.
CVSS Score
8.8
EPSS Score
0.18
Published
2007-07-27
The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML.
CVSS Score
5.0
EPSS Score
0.234
Published
2006-12-20
Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
CVSS Score
10.0
EPSS Score
0.683
Published
2001-08-14
Microsoft email clients in Outlook, Exchange, and Windows Messaging automatically respond to Read Receipt and Delivery Receipt tags, which could allow an attacker to flood a mail system with responses by forging a Read Receipt request that is redirected to a large distribution list.
CVSS Score
5.0
EPSS Score
0.13
Published
2000-02-29
The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft.
CVSS Score
7.6
EPSS Score
0.103
Published
2000-02-21