Microsoft Outlook vulnerabilities

105 known vulnerabilities affecting microsoft/outlook.

Total CVEs: 105
CISA KEV: 5 (actively exploited)
Public exploits: 16
Exploited in wild: 4
Severity breakdown: CRITICAL 11, HIGH 51, MEDIUM 43

Vulnerabilities

Page 2 of 6
CVE-2020-17119 | HIGH | CVSS 7.5 | v2010, v2013 +1 more | 2020-12-10
CVE-2020-17119 [HIGH]: Microsoft Outlook Information Disclosure Vulnerability
nvd
CVE-2020-16949 | HIGH | CVSS 7.5 | v2010, v2013 +1 more | 2020-10-16
CVE-2020-16949 [HIGH] CWE-401: A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system. Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Outlook
nvd
CVE-2020-16947 | HIGH | CVSS 8.8 | v2016 | 2020-10-16
CVE-2020-16947 [HIGH] CWE-125: A remote code execution vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the targeted user. If the targeted user is logged on with administrative user rights, an attacker could take control
nvd
CVE-2020-1483 | HIGH | CVSS 8.8 | v2010, v2013 +1 more | 2020-08-17
CVE-2020-1483 [HIGH] CWE-787: A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affec
nvd
CVE-2020-1493 | MEDIUM | CVSS 5.5 | v2010, v2013 +1 more | 2020-08-17
CVE-2020-1493 [MEDIUM] CWE-922: An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users. To exploit this vulnerability, an attacker would have to attach a file as a link to an emai
nvd
CVE-2020-1349 | HIGH | CVSS 7.8 | v2010, v2013 +1 more | 2020-07-14
CVE-2020-1349 [HIGH]: A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka 'Microsoft Outlook Remote Code Execution Vulnerability'.
nvd
CVE-2020-0760 | HIGH | CVSS 8.8 | v2010, v2013 +1 more | 2020-04-15
CVE-2020-0760 [HIGH]: A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991.
nvd
CVE-2020-0696 | MEDIUM | CVSS 6.5 | v2010, v2013 +1 more | 2020-02-11
CVE-2020-0696 [MEDIUM]: A security feature bypass vulnerability exists in Microsoft Outlook software when it improperly handles the parsing of URI formats, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'.
nvd
CVE-2019-1200 | HIGH | CVSS 7.8 | v2010, v2013 +1 more | 2019-08-14
CVE-2019-1200 [HIGH]: A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user wi
nvd
CVE-2019-1204 | MEDIUM | CVSS 4.3 | v2010, v2013 +1 more | 2019-08-14
CVE-2019-1204 [MEDIUM] CWE-20: An elevation of privilege vulnerability exists when Microsoft Outlook initiates processing of incoming messages without sufficient validation of the formatting of the messages. An attacker who successfully exploited the vulnerability could attempt to force Outlook to load a local or remote message store (over SMB). To exploit the vulnerability, the att
nvd
CVE-2019-1084 | MEDIUM | CVSS 6.5 | v2013, v2016 | 2019-07-15
CVE-2019-1084 [MEDIUM] CWE-200: An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by valida
nvd
CVE-2019-0559 | MEDIUM | CVSS 6.5 | v2010, v2013 +1 more | 2019-01-08
CVE-2019-0559 [MEDIUM]: An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook.
nvd
CVE-2019-0560 | MEDIUM | CVSS 5.5 | v2010, v2013 +1 more | 2019-01-08
CVE-2019-0560 [MEDIUM]: An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office.
nvd
CVE-2018-8576 | HIGH | CVSS 7.8 | v2010, v2013 +1 more | 2018-11-14
CVE-2018-8576 [HIGH]: A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8524, CVE-2018-8582.
nvd
CVE-2018-8522 | HIGH | CVSS 7.8 | v2010, v2013 +1 more | 2018-11-14
CVE-2018-8522 [HIGH]: A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8524, CVE-2018-8576, CVE-2018-8582.
nvd
CVE-2018-8582 | HIGH | CVSS 8.8 | v2010, v2013 +1 more | 2018-11-14
CVE-2018-8582 [HIGH]: A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8524, CVE-2018-8576.
nvd
CVE-2018-8524 | HIGH | CVSS 7.8 | v2010, v2013 +1 more | 2018-11-14
CVE-2018-8524 [HIGH]: A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8576, CVE-2018-8582.
nvd
CVE-2018-8244 | MEDIUM | CVSS 6.5 | v2010, v2013 +1 more | 2018-06-14
CVE-2018-8244 [MEDIUM] CWE-20: An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka "Microsoft Outlook Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Outlook.
nvd
CVE-2017-17688 | MEDIUM | CVSS 5.9 | v2007 | 2018-05-16
CVE-2017-17688 [MEDIUM]: The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification
nvd
CVE-2017-17689 | MEDIUM | CVSS 5.9 | v2007, v2010 +2 more | 2018-05-16
CVE-2017-17689 [MEDIUM]: The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
nvd