Microsoft » Outlook » 2013 for x64 : Security Vulnerabilities, CVEs,
CVE-2023-35311
Known exploited
Microsoft Outlook Security Feature Bypass Vulnerability
Max CVSS
8.8
EPSS Score
0.97%
Published
2023-07-11
Updated
2023-07-14
CISA KEV Added
2023-07-11
Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the format of incoming message is validated, aka "Microsoft Outlook Elevation of Privilege Vulnerability".
Max CVSS
6.5
EPSS Score
0.26%
Published
2018-02-15
Updated
2019-10-03
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
Max CVSS
5.9
EPSS Score
0.55%
Published
2018-05-16
Updated
2019-10-03
Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT does not properly expand metadata contained in S/MIME certificates, which allows remote attackers to obtain sensitive network configuration and state information via a crafted certificate in an e-mail message, aka "S/MIME AIA Vulnerability."
Max CVSS
5.0
EPSS Score
82.71%
Published
2013-11-13
Updated
2021-08-30
4 vulnerabilities found