Microsoft » Outlook : Security Vulnerabilities

CVSS Scores Greater Than: 0 1 2 3 4 5 6 7 8 9

Sort Results By : CVE Number Descending CVE Number Ascending CVSS Score Descending Number Of Exploits Descending

#	CVE ID	CWE ID	Vulnerability Type(s)	Publish Date	Update Date	Score	Gained Access Level	Access	Complexity	Authentication	Conf.	Integ.	Avail.
1	CVE-2023-23397	294		2023-03-14	2023-03-20	0.0	None	???	???	???	???	???	???
Microsoft Outlook Elevation of Privilege Vulnerability
2	CVE-2022-24480			2022-12-13	2022-12-15	0.0	None	???	???	???	???	???	???
Outlook for Android Elevation of Privilege Vulnerability.
3	CVE-2021-31949		Exec Code	2021-06-08	2021-06-15	6.8	None	Remote	Medium	Not required	Partial	Partial	Partial
Microsoft Outlook Remote Code Execution Vulnerability
4	CVE-2021-31941		Exec Code	2021-06-08	2021-06-10	6.8	None	Remote	Medium	Not required	Partial	Partial	Partial
Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31940.
5	CVE-2021-28452	787	Mem. Corr.	2021-04-13	2022-05-03	6.8	None	Remote	Medium	Not required	Partial	Partial	Partial
Microsoft Outlook Memory Corruption Vulnerability
6	CVE-2020-17119			2020-12-10	2021-08-30	5.0	None	Remote	Low	Not required	Partial	None	None
Microsoft Outlook Information Disclosure Vulnerability
7	CVE-2020-16949	401	DoS	2020-10-16	2020-10-21	5.0	None	Remote	Low	Not required	None	None	Partial
A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory, aka 'Microsoft Outlook Denial of Service Vulnerability'.
8	CVE-2020-16947	125	Exec Code	2020-10-16	2023-01-31	9.3	None	Remote	Medium	Not required	Complete	Complete	Complete
A remote code execution vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory, aka 'Microsoft Outlook Remote Code Execution Vulnerability'.
9	CVE-2020-1493			2020-08-17	2023-01-31	4.3	None	Remote	Medium	Not required	Partial	None	None
An information disclosure vulnerability exists when attaching files to Outlook messages, aka 'Microsoft Outlook Information Disclosure Vulnerability'.
10	CVE-2020-1483	119	Exec Code Overflow Mem. Corr.	2020-08-17	2021-07-21	9.3	None	Remote	Medium	Not required	Complete	Complete	Complete
A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory, aka 'Microsoft Outlook Memory Corruption Vulnerability'.
11	CVE-2020-1349		Exec Code	2020-07-14	2023-01-31	6.8	None	Remote	Medium	Not required	Partial	Partial	Partial
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka 'Microsoft Outlook Remote Code Execution Vulnerability'.
12	CVE-2020-0760	20	Exec Code	2020-04-15	2021-07-21	6.8	None	Remote	Medium	Not required	Partial	Partial	Partial
A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991.
13	CVE-2020-0696		Bypass	2020-02-11	2020-02-13	4.3	None	Remote	Medium	Not required	None	Partial	None
A security feature bypass vulnerability exists in Microsoft Outlook software when it improperly handles the parsing of URI formats, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'.
14	CVE-2019-1460			2020-01-24	2020-08-24	3.5	None	Remote	Medium	???	None	Partial	None
A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka 'Outlook for Android Spoofing Vulnerability'.
15	CVE-2019-1218	79	XSS	2019-08-14	2020-08-24	3.5	None	Remote	Medium	???	None	Partial	None
A spoofing vulnerability exists in the way Microsoft Outlook iOS software parses specifically crafted email messages, aka 'Outlook iOS Spoofing Vulnerability'.
16	CVE-2019-1204	20		2019-08-14	2020-08-24	4.3	None	Remote	Medium	Not required	Partial	None	None
An elevation of privilege vulnerability exists when Microsoft Outlook initiates processing of incoming messages without sufficient validation of the formatting of the messages, aka 'Microsoft Outlook Elevation of Privilege Vulnerability'.
17	CVE-2019-1200		Exec Code	2019-08-14	2020-08-24	9.3	None	Remote	Medium	Not required	Complete	Complete	Complete
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka 'Microsoft Outlook Remote Code Execution Vulnerability'.
18	CVE-2019-1105	79	XSS	2019-07-29	2020-08-24	3.5	None	Remote	Medium	???	None	Partial	None
A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka 'Outlook for Android Spoofing Vulnerability'.
19	CVE-2019-1084	200	+Info	2019-07-15	2020-05-04	4.0	None	Remote	Low	???	Partial	None	None
An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka 'Microsoft Exchange Information Disclosure Vulnerability'.
20	CVE-2019-0560			2019-01-08	2020-08-24	4.3	None	Remote	Medium	Not required	Partial	None	None
An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office.
21	CVE-2019-0559			2019-01-08	2020-08-24	4.3	None	Remote	Medium	Not required	Partial	None	None
An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook.
22	CVE-2018-8582		Exec Code	2018-11-14	2020-08-24	9.3	None	Remote	Medium	Not required	Complete	Complete	Complete
A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8524, CVE-2018-8576.
23	CVE-2018-8576		Exec Code	2018-11-14	2020-08-24	9.3	None	Remote	Medium	Not required	Complete	Complete	Complete
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8524, CVE-2018-8582.
24	CVE-2018-8524		Exec Code	2018-11-14	2020-08-24	9.3	None	Remote	Medium	Not required	Complete	Complete	Complete
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8576, CVE-2018-8582.
25	CVE-2018-8522		Exec Code	2018-11-14	2020-08-24	9.3	None	Remote	Medium	Not required	Complete	Complete	Complete
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8524, CVE-2018-8576, CVE-2018-8582.
26	CVE-2018-8244	20		2018-06-14	2018-08-06	4.3	None	Remote	Medium	Not required	None	Partial	None
An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka "Microsoft Outlook Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Outlook.
27	CVE-2018-0852	787	Exec Code Mem. Corr.	2018-02-15	2020-08-24	9.3	None	Remote	Medium	Not required	Complete	Complete	Complete
Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1 and RT SP1, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Outlook handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0851.
28	CVE-2018-0851	787	Exec Code Mem. Corr.	2018-02-15	2020-08-24	9.3	None	Remote	Medium	Not required	Complete	Complete	Complete
Microsoft Office 2007 SP2, Microsoft Office Word Viewer, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Office handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0852.
29	CVE-2018-0850			2018-02-15	2019-10-03	4.3	None	Remote	Medium	Not required	None	Partial	None
Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the format of incoming message is validated, aka "Microsoft Outlook Elevation of Privilege Vulnerability".
30	CVE-2018-0791		Exec Code	2018-01-10	2019-10-03	9.3	None	Remote	Medium	Not required	Complete	Complete	Complete
Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0793.
31	CVE-2017-17689			2018-05-16	2019-10-03	4.3	None	Remote	Medium	Not required	Partial	None	None
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
32	CVE-2017-17688			2018-05-16	2019-10-03	4.3	None	Remote	Medium	Not required	Partial	None	None
DISPUTED The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification.
33	CVE-2017-11776	200	+Info	2017-10-13	2017-11-03	5.0	None	Remote	Low	Not required	Partial	None	None
Microsoft Outlook 2016 allows an attacker to obtain the email content of a user, due to how Outlook 2016 discloses user email content, aka "Microsoft Outlook Information Disclosure Vulnerability."
34	CVE-2017-11774	119	Exec Code Overflow Bypass	2017-10-13	2021-08-30	6.8	None	Remote	Medium	Not required	Partial	Partial	Partial
Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability."
35	CVE-2017-8663	119	Exec Code Overflow Mem. Corr.	2017-08-01	2021-08-30	9.3	None	Remote	Medium	Not required	Complete	Complete	Complete
Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a remote code execution vulnerability due to the way Microsoft Outlook parses specially crafted email messages, aka "Microsoft Office Outlook Memory Corruption Vulnerability"
36	CVE-2017-8572	200	+Info	2017-08-01	2021-08-30	4.3	None	Remote	Medium	Not required	Partial	None	None
Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows an information disclosure vulnerability due to the way that it discloses the contents of its memory, aka "Microsoft Office Outlook Information Disclosure Vulnerability".
37	CVE-2017-8571	20	Bypass	2017-08-01	2021-08-30	6.8	None	Remote	Medium	Not required	Partial	Partial	Partial
Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a security feature bypass vulnerability due to the way that it handles input, aka "Microsoft Office Outlook Security Feature Bypass Vulnerability".
38	CVE-2017-8545	20		2017-06-15	2020-05-11	4.3	None	Remote	Medium	Not required	None	Partial	None
A spoofing vulnerability exists in when Microsoft Outlook for Mac does not sanitize html properly, aka "Microsoft Outlook for Mac Spoofing Vulnerability".
39	CVE-2017-8508		Bypass	2017-06-15	2019-10-03	4.3	None	Remote	Medium	Not required	None	Partial	None
A security feature bypass vulnerability exists in Microsoft Office software when it improperly handles the parsing of file formats, aka "Microsoft Office Security Feature Bypass Vulnerability".
40	CVE-2017-8507	119	Exec Code Overflow Mem. Corr.	2017-06-15	2019-03-15	9.3	None	Remote	Medium	Not required	Complete	Complete	Complete
A remote code execution vulnerability exists in the way Microsoft Office software parses specially crafted email messages, aka "Microsoft Office Memory Corruption Vulnerability".
41	CVE-2017-8506		Exec Code	2017-06-15	2019-10-03	9.3	None	Remote	Medium	Not required	Complete	Complete	Complete
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, and CVE-2017-0260.
42	CVE-2017-0207			2017-04-12	2019-10-03	4.3	None	Remote	Medium	Not required	None	Partial	None
Microsoft Outlook for Mac 2011 allows remote attackers to spoof web content via a crafted email with specific HTML tags, aka "Microsoft Browser Spoofing Vulnerability."
43	CVE-2017-0204		Bypass	2017-04-12	2019-10-03	4.3	None	Remote	Medium	Not required	None	Partial	None
Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to bypass the Office Protected View via a specially crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability."
44	CVE-2017-0106	119	DoS Exec Code Overflow Mem. Corr.	2017-04-12	2017-07-11	9.3	None	Remote	Medium	Not required	Complete	Complete	Complete
Microsoft Excel 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
45	CVE-2016-3366	284	Bypass	2016-09-14	2021-08-30	4.3	None	Remote	Medium	Not required	None	Partial	None
Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, Outlook 2016, and Outlook 2016 for Mac do not properly implement RFC 2046, which allows remote attackers to bypass virus or spam detection via crafted MIME data in an e-mail attachment, aka "Microsoft Office Spoofing Vulnerability."
46	CVE-2016-3278	119	Exec Code Overflow Mem. Corr.	2016-07-13	2018-10-12	9.3	None	Remote	Medium	Not required	Complete	Complete	Complete
Microsoft Outlook 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
47	CVE-2013-3905	200	+Info	2013-11-13	2021-08-30	5.0	None	Remote	Low	Not required	Partial	None	None
Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT does not properly expand metadata contained in S/MIME certificates, which allows remote attackers to obtain sensitive network configuration and state information via a crafted certificate in an e-mail message, aka "S/MIME AIA Vulnerability."
48	CVE-2013-3870	399	Exec Code	2013-09-11	2018-10-12	9.3	None	Remote	Medium	Not required	Complete	Complete	Complete
Double free vulnerability in Microsoft Outlook 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to execute arbitrary code by including many nested S/MIME certificates in an e-mail message, aka "Message Certificate Vulnerability."
49	CVE-2010-2728	119	Exec Code Overflow	2010-09-15	2018-10-12	9.3	None	Remote	Medium	Not required	Complete	Complete	Complete
Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability."
50	CVE-2008-3068		+Info	2008-07-07	2018-10-11	7.5	None	Remote	Low	Not required	Partial	Partial	Partial
Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.

Total number of vulnerabilities : 96 Page : 1 (This Page)2