Microsoft Outlook Express vulnerabilities
41 known vulnerabilities affecting microsoft/outlook_express.
Total CVEs: 41
CISA KEV: 0
Public exploits: 18
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 12, MEDIUM 24, LOW 1
Vulnerabilities
Page 2 of 3
CVE-2002-2164 | MEDIUM | CVSS 5.0 | PoC | v5.0, v5.0.1, +2 more | 2002-12-31
Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (crash) via a long link.
nvd
CVE-2002-2202 | LOW | CVSS 3.8 | v6.0 | 2002-12-31
Outlook Express 6.0 does not delete messages from dbx files, even when a user empties the Deleted items folder, which allows local users to read other users email.
nvd
CVE-2002-1179 | HIGH | CVSS 7.5 | PoC | v5.5, v6.0 | 2002-10-28
Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook Express 5.5 and 6.0 allows remote attackers to execute arbitrary code via a digitally signed email with a long "From" address, which triggers the overflow when the user views or previews the message.
nvd
CVE-2002-0285 | HIGH | CVSS 7.5 | v5.5, v6.0 | 2002-05-31
Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and/or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers.
nvd
CVE-2002-0152 | HIGH | CVSS 7.5 | v5.0, v5.0.1, +2 more | 2002-04-22
Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v.
nvd
CVE-2001-1547 | HIGH | CVSS 7.5 | v6.0 | 2001-12-31
Outlook Express 6.0, with "Do not allow attachments to be saved or opened that could potentially be a virus" enabled, does not block email attachments from forwarded messages, which could allow remote attackers to execute arbitrary code.
nvd
CVE-2001-0945 | MEDIUM | CVSS 5.0 | v5.0, v5.0.1, +1 more | 2001-12-03
Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh allows remote attackers to cause a denial of service via an e-mail message that contains a long line.
nvd
CVE-2001-0999 | HIGH | CVSS 7.5 | v6.0 | 2001-09-12
Outlook Express 6.00 allows remote attackers to execute arbitrary script by embedding SCRIPT tags in a message whose MIME content type is text/plain, contrary to the expected behavior that text/plain messages will not run script.
nvd
CVE-2001-1088 | HIGH | CVSS 7.5 | PoC | v4.0, v4.5, +6 more | 2001-06-05
Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is i
nvd
CVE-2001-0322 | MEDIUM | CVSS 5.0 | PoC | v5.5 | 2001-06-02
MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, allows remote attackers to cause a denial of service (application crash) via a script that creates and deletes an object that is associated with the browser window object.
nvd
CVE-2001-0145 | HIGH | CVSS 7.5 | v5.0 | 2001-05-03
Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook Express 5.x, allows an attacker to execute arbitrary commands via a malformed vCard birthday field.
nvd
CVE-2001-1325 | HIGH | CVSS 7.5 | PoC | v5.0, v5.5 | 2001-04-20
Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets (XSL) that are referenced using an IFRAME tag, possibly due to a vulnerability in Windows Scripting Host (WSH).
nvd
CVE-2000-0621 | HIGH | CVSS 7.5 | v4.0, v4.01, +2 more | 2000-07-20
Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.
nvd
CVE-2000-0653 | MEDIUM | CVSS 5.0 | PoC | v4.0, v4.01, +2 more | 2000-07-20
Microsoft Outlook Express allows remote attackers to monitor a user's email by creating a persistent browser link to the Outlook Express windows, aka the "Persistent Mail-Browser Link" vulnerability.
nvd
CVE-2000-0567 | MEDIUM | CVSS 5.0 | PoC | v4.0, v4.01, +1 more | 2000-07-18
Buffer overflow in Microsoft Outlook and Outlook Express allows remote attackers to execute arbitrary commands via a long Date field in an email header, aka the "Malformed E-mail Header" vulnerability.
nvd
CVE-2000-0415 | MEDIUM | CVSS 5.0 | v4.0, v4.01, +4 more | 2000-05-12
Buffer overflow in Outlook Express 4.x allows attackers to cause a denial of service via a mail or news message that has a .jpg or .bmp attachment with a long file name.
nvd
CVE-2000-0105 | MEDIUM | CVSS 5.0 | PoC | v5.0 | 2000-02-01
Outlook Express 5.01 and Internet Explorer 5.01 allow remote attackers to view a user's email messages via a script that accesses a variable that references subsequent email messages that are read by the client.
nvd
CVE-2000-0036 | MEDIUM | CVSS 5.0 | v5.0 | 1999-12-22
Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability.
nvd
CVE-2000-0329 | MEDIUM | CVSS 5.1 | PoC | v4.27.3110.1, v4.72.2106.4, +3 more | 1999-11-11
A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability.
nvd
CVE-1999-1016 | MEDIUM | CVSS 5.0 | PoC | v5.0 | 1999-08-27
Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as text inputs in a table cell.
nvd