Summary
Detail | |||
---|---|---|---|
Vendor | Microsoft | First view | 1997-01-01 |
Product | Outlook | Last view | 2025-06-10 |
Version | 2007 | Type | |
Update | |||
Edition | |||
Language | |||
Software Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Distribution per Version
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
0 | 2025-06-10 | CVE-2025-47171 | Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally. |
7.5 | 2025-04-08 | CVE-2025-29805 | Exposure of sensitive information to an unauthorized actor in Outlook for Android allows an unauthorized attacker to disclose information over a network. |
5.3 | 2025-02-11 | CVE-2025-21259 | Microsoft Outlook Spoofing Vulnerability |
7.8 | 2025-01-14 | CVE-2025-21361 | Microsoft Outlook Remote Code Execution Vulnerability |
6.7 | 2025-01-14 | CVE-2025-21357 | Microsoft Outlook Remote Code Execution Vulnerability |
8 | 2024-10-08 | CVE-2024-43604 | Outlook for Android Elevation of Privilege Vulnerability |
0 | 2024-09-10 | CVE-2024-43482 | Microsoft Outlook for iOS Information Disclosure Vulnerability |
0 | 2024-08-13 | CVE-2024-38173 | Microsoft Outlook Remote Code Execution Vulnerability |
0 | 2024-07-09 | CVE-2024-38020 | Microsoft Outlook Spoofing Vulnerability |
0 | 2024-06-11 | CVE-2024-30103 | Microsoft Outlook Remote Code Execution Vulnerability |
8.1 | 2024-04-09 | CVE-2024-20670 | Outlook for Windows Spoofing Vulnerability |
0 | 2024-03-12 | CVE-2024-26204 | Outlook for Android Information Disclosure Vulnerability |
0 | 2024-02-13 | CVE-2024-21378 | Microsoft Outlook Remote Code Execution Vulnerability |
0 | 2023-09-12 | CVE-2023-36763 | Microsoft Outlook Information Disclosure Vulnerability |
0 | 2023-08-08 | CVE-2023-36893 | Microsoft Outlook Spoofing Vulnerability |
8.8 | 2023-07-11 | CVE-2023-35311 | Microsoft Outlook Security Feature Bypass Vulnerability |
0 | 2023-06-14 | CVE-2023-33131 | Microsoft Outlook Remote Code Execution Vulnerability |
0 | 2023-06-01 | CVE-2022-35742 | Microsoft Outlook Denial of Service Vulnerability |
9.8 | 2023-03-14 | CVE-2023-23397 | Microsoft Outlook Elevation of Privilege Vulnerability |
0 | 2022-12-13 | CVE-2022-24480 | Outlook for Android Elevation of Privilege Vulnerability |
6.8 | 2021-06-08 | CVE-2021-31949 | Microsoft Outlook Remote Code Execution Vulnerability |
6.8 | 2021-06-08 | CVE-2021-31941 | Microsoft Office Graphics Remote Code Execution Vulnerability |
6.8 | 2021-04-13 | CVE-2021-28452 | Microsoft Outlook Memory Corruption Vulnerability |
5 | 2020-12-10 | CVE-2020-17119 | Microsoft Outlook Information Disclosure Vulnerability |
5 | 2020-10-16 | CVE-2020-16949 | A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system. Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Outlook server. The security update addresses the vulnerability by correcting how Microsoft Outlook handles objects in memory. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
20% (8) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
15% (6) | CWE-787 | Out-of-bounds Write |
12% (5) | CWE-200 | Information Exposure |
10% (4) | CWE-20 | Improper Input Validation |
7% (3) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
5% (2) | CWE-399 | Resource Management Errors |
5% (2) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
5% (2) | CWE-88 | Argument Injection or Modification |
2% (1) | CWE-415 | Double Free |
2% (1) | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory L... |
2% (1) | CWE-367 | Time-of-check Time-of-use (TOCTOU) Race Condition |
2% (1) | CWE-294 | Authentication Bypass by Capture-replay |
2% (1) | CWE-284 | Access Control (Authorization) Issues |
2% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
2% (1) | CWE-125 | Out-of-bounds Read |
CAPEC : Common Attack Pattern Enumeration & Classification
id | Name |
---|---|
CAPEC-41 | Using Meta-characters in E-mail Headers to Inject Malicious Payloads |
CAPEC-88 | OS Command Injection |
CAPEC-133 | Try All Common Application Switches and Options |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:429 | MS Outlook (Word 2002) RTF/HTML Script Execution Vulnerability |
oval:org.mitre.oval:def:205 | MS Outlook (Word 2000) RTF/HTML Script Execution Vulnerability |
oval:org.mitre.oval:def:517 | IE v6.0,SP1 (Server 2003) Malformed GIF Image Double-free Vulnerability |
oval:org.mitre.oval:def:509 | IE v5.01,SP4 Malformed GIF Image Double-free Vulnerability |
oval:org.mitre.oval:def:236 | IE v6.0,SP1 Malformed GIF Image Double-free Vulnerability |
oval:org.mitre.oval:def:212 | IE v5.01,SP3 Malformed GIF Image Double-free Vulnerability |
oval:org.mitre.oval:def:2100 | IE v5.5,SP2 Malformed GIF Image Double-free Vulnerability |
oval:org.mitre.oval:def:206 | IE v5.01,SP2 Malformed GIF Image Double-free Vulnerability |
oval:org.mitre.oval:def:1793 | IE v6.0 Malformed GIF Image Double-free Vulnerability |
oval:org.mitre.oval:def:843 | MS Outlook Argument Injection Local Vulnerability |
oval:org.mitre.oval:def:4307 | GDI+ JPEG Parsing Engine Buffer Overflow (VS.NET 2002) |
oval:org.mitre.oval:def:4216 | GDI+ JPEG Parsing Engine Buffer Overflow (IE6) |
oval:org.mitre.oval:def:4003 | GDI+ JPEG Parsing Engine Buffer Overflow (Windows XP) |
oval:org.mitre.oval:def:3881 | GDI+ JPEG Parsing Engine Buffer Overflow (Office XP,SP2) |
oval:org.mitre.oval:def:3810 | GDI+ JPEG Parsing Engine Buffer Overflow (Project 2003) |
oval:org.mitre.oval:def:3320 | GDI+ JPEG Parsing Engine Buffer Overflow Microsoft Office Visio Pro 2003 |
oval:org.mitre.oval:def:3082 | GDI+ JPEG Parsing Engine Buffer Overflow (Visio Pro 2002) |
oval:org.mitre.oval:def:3038 | GDI+ JPEG Parsing Engine Buffer Overflow (Project 2002,SP1) |
oval:org.mitre.oval:def:2706 | GDI+ JPEG Parsing Engine Buffer Overflow (Office 2003) |
oval:org.mitre.oval:def:1721 | GDI+ JPEG Parsing Engine Buffer Overflow (VS.NET 2003) |
oval:org.mitre.oval:def:1105 | GDI+ JPEG Parsing Engine Buffer Overflow (Server 2003) |
oval:org.mitre.oval:def:1157 | Crystal Reports Business Objects Directory Traversal |
oval:org.mitre.oval:def:624 | Exchange Server 5.5 TNEF Decoding Vulnerability |
oval:org.mitre.oval:def:1485 | Outlook 2000 TNEF Decoding Vulnerability |
oval:org.mitre.oval:def:1456 | Outlook 2003 TNEF Decoding Vulnerability |
SAINT Exploits
Description | Link |
---|---|
Microsoft Outlook SMB Attachment ATTACH_BY_REFERENCE vulnerability | More info here |
Internet Explorer VML rect fill buffer overflow | More info here |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
67982 | Microsoft Outlook E-mail Content Parsing Remote Overflow |
66296 | Microsoft Outlook SMB Attachment Handling Arbitrary Program Execution |
60397 | Microsoft Outlook HTML Email CODEBASE Parameter Arbitrary Program Execution |
59500 | Microsoft IE HTML Parser (MSHTML.DLL) Browser Window Object Handling DoS |
47004 | Microsoft Crypto API S/MIME X.509 Certificate CRL Check Remote Information Di... |
46931 | Microsoft Outlook/Express Unspecified URI Handling Arbitrary Command Injection |
34830 | Microsoft Outlook Recipient ActiveX (ole32.dll) Crafted HTML DoS |
31901 | Microsoft Office Unspecified String Handling Arbitrary Code Execution |
31254 | Microsoft Outlook Advanced Find .oss File Handling Remote Code Execution |
31253 | Microsoft Outlook E-mail Header Processing Unspecified DoS |
31252 | Microsoft Outlook VEVENT Record Handling Remote Code Execution |
29448 | Microsoft PowerPoint Crafted File Unspecified Code Execution |
28946 | Microsoft IE Vector Markup Language (VML) Arbitrary Code Execution |
25003 | Microsoft Office mailto: Arbitrary File Access |
22305 | Microsoft Outlook/Exchange TNEF Decoding Arbitrary Code Execution |
15480 | Microsoft Outlook From Header Comma Parsing Failure |
11945 | Microsoft Outlook 2002 IFRAME Tag Embedded URL |
11944 | Microsoft Outlook 2002 HREF Tag Embedded JavaScript Execution |
11938 | Microsoft Outlook Express Attachment Filename Overflow |
11935 | Microsoft Multiple Mail Client Read/Delivery Receipt Tag DoS |
11424 | Microsoft Outlook V1 Exchange Server Security Certificate Cleartext Transmission |
11423 | Microsoft Outlook Malformed Header DoS |
11420 | Microsoft Outlook WMP .wms File IFRAME Command Execution |
11417 | Microsoft Outlook/Express VCard Handler Remote Overflow |
11416 | Microsoft Outlook/Express Blank Header DoS |
OpenVAS Exploits
Date | Description |
---|---|
2011-10-14 | Name : Microsoft Windows SMB/NETBIOS NULL Session Authentication Bypass Vulnerability File : nvt/gb_ms_windows_smb_share_passwd_null_sec_bypass_vuln.nasl |
2010-09-15 | Name : Microsoft Outlook TNEF Remote Code Execution Vulnerability (2315011) File : nvt/secpod_ms10-064.nasl |
2010-07-14 | Name : Microsoft Outlook SMB Attachment Remote Code Execution Vulnerability (978212) File : nvt/secpod_ms10-045.nasl |
2009-03-15 | Name : Microsoft MS04-017 security check File : nvt/remote-MS04-017.nasl |
2005-11-03 | Name : IE 5.01 5.5 6.0 Cumulative patch (890923) File : nvt/smb_nt_ms02-005.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2015-A-0090 | Multiple Vulnerabilities in Microsoft Office (MS15-033) Severity: Category II - VMSKEY: V0059895 |
2013-A-0216 | Microsoft Office Outlook Information Disclosure Vulnerability Severity: Category II - VMSKEY: V0042295 |
2013-A-0173 | Microsoft Outlook Remote Code Execution Vulnerability Severity: Category II - VMSKEY: V0040293 |
2010-A-0093 | Microsoft Office Outlook Remote Code Execution Vulnerability Severity: Category II - VMSKEY: V0024852 |
2006-A-0003 | Microsoft Outlook and Exchange TNEF Decoding Vulnerability Severity: Category I - VMSKEY: V0011719 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Office Outlook Saved Search download attempt RuleID : 9847 - Type : FILE-OFFICE - Revision : 14 |
2014-01-10 | Microsoft Office Outlook VEVENT overflow attempt RuleID : 9841 - Type : SERVER-MAIL - Revision : 18 |
2014-01-10 | Outlook View OVCtl ActiveX clsid unicode access RuleID : 9819 - Type : WEB-ACTIVEX - Revision : 6 |
2014-01-10 | Outlook Recipient Control ActiveX function call access RuleID : 9670 - Type : BROWSER-PLUGINS - Revision : 9 |
2014-01-10 | Outlook Recipient Control ActiveX clsid unicode access RuleID : 9669 - Type : WEB-ACTIVEX - Revision : 6 |
2014-01-10 | Outlook Recipient Control ActiveX clsid access RuleID : 9668 - Type : BROWSER-PLUGINS - Revision : 11 |
2014-01-10 | Microsoft Office Outlook View OVCtl ActiveX clsid access RuleID : 8422 - Type : BROWSER-PLUGINS - Revision : 16 |
2014-01-10 | Microsoft Windows Vector Markup Language fill method overflow attempt RuleID : 8416 - Type : OS-WINDOWS - Revision : 20 |
2014-01-10 | Microsoft Windows Scripting Host Shell ActiveX function call access RuleID : 8068 - Type : BROWSER-PLUGINS - Revision : 17 |
2014-01-10 | Microsoft Forms 2.0 ComboBox ActiveX CLSID unicode access RuleID : 7955 - Type : WEB-ACTIVEX - Revision : 7 |
2014-01-10 | Microsoft Forms 2.0 ComboBox ActiveX clsid access RuleID : 7954 - Type : BROWSER-PLUGINS - Revision : 12 |
2020-12-01 | Microsoft Office Outlook email parsing remote code execution attempt RuleID : 56157 - Type : FILE-OFFICE - Revision : 1 |
2020-12-01 | Microsoft Office Outlook email parsing remote code execution attempt RuleID : 56156 - Type : FILE-OFFICE - Revision : 1 |
2019-09-19 | Microsoft Outlook for Android stored cross-site script attempt RuleID : 51103 - Type : OS-MOBILE - Revision : 1 |
2019-09-19 | Microsoft Outlook for Android stored cross-site script attempt RuleID : 51102 - Type : OS-MOBILE - Revision : 1 |
2018-12-14 | Microsoft Office Outlook rwz file memory corruption attempt RuleID : 48408 - Type : FILE-OFFICE - Revision : 2 |
2018-12-14 | Microsoft Office Outlook rwz file memory corruption attempt RuleID : 48407 - Type : FILE-OFFICE - Revision : 2 |
2018-12-14 | Microsoft Office Outlook rwz file memory corruption attempt RuleID : 48406 - Type : FILE-OFFICE - Revision : 3 |
2018-12-14 | Microsoft Office Outlook rwz file memory corruption attempt RuleID : 48405 - Type : FILE-OFFICE - Revision : 3 |
2018-12-14 | Microsoft Outlook email rules file memory corruption attempt RuleID : 48404 - Type : FILE-OFFICE - Revision : 3 |
2018-12-14 | Microsoft Outlook email rules file memory corruption attempt RuleID : 48403 - Type : FILE-OFFICE - Revision : 3 |
2017-11-28 | Microsoft Office Outlook SMB attach by reference code execution attempt RuleID : 44670 - Type : FILE-OFFICE - Revision : 1 |
2017-11-28 | Microsoft Office Outlook SMB attach by reference code execution attempt RuleID : 44669 - Type : FILE-OFFICE - Revision : 1 |
2017-10-17 | Microsoft Office RTF hex encoded WRAssembly ASLR bypass download attempt RuleID : 44364 - Type : FILE-OFFICE - Revision : 2 |
2017-10-17 | Microsoft Office RTF hex encoded WRAsembly ASLR bypass download attempt RuleID : 44363 - Type : FILE-OFFICE - Revision : 2 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-77fe2e20ad.nasl - Type: ACT_GATHER_INFO |
2018-05-29 | Name: The remote Fedora host is missing a security update. File: fedora_2018-6020628437.nasl - Type: ACT_GATHER_INFO |
2018-05-29 | Name: The remote Fedora host is missing a security update. File: fedora_2018-25525a9346.nasl - Type: ACT_GATHER_INFO |
2017-10-10 | Name: The version of Outlook installed on the remote host is affected by multiple v... File: smb_nt_ms17_oct_outlook.nasl - Type: ACT_GATHER_INFO |
2017-09-25 | Name: The version of Outlook installed on the remote host is affected by multiple v... File: smb_nt_ms17_sep_outlook.nasl - Type: ACT_GATHER_INFO |
2017-07-28 | Name: An application installed on the remote Windows host is affected by multiple v... File: smb_nt_ms17_jul_outlook.nasl - Type: ACT_GATHER_INFO |
2017-06-14 | Name: An application installed on the remote Windows host is affected by multiple v... File: smb_nt_ms17_jun_office.nasl - Type: ACT_GATHER_INFO |
2017-06-13 | Name: An application installed on the remote macOS or Mac OS X host is affected by ... File: macosx_ms17_june_office.nasl - Type: ACT_GATHER_INFO |
2017-04-12 | Name: An application installed on the remote Windows host is affected by multiple v... File: smb_nt_ms17_apr_office.nasl - Type: ACT_GATHER_INFO |
2017-04-12 | Name: An application installed on the remote macOS or Mac OS X host is affected by ... File: macosx_ms17_apr_office.nasl - Type: ACT_GATHER_INFO |
2016-09-14 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: smb_nt_ms16-107.nasl - Type: ACT_GATHER_INFO |
2016-07-12 | Name: An application installed on the remote Windows host is affected by multiple v... File: smb_nt_ms16-088.nasl - Type: ACT_GATHER_INFO |
2015-04-14 | Name: The remote host is affected by multiple remote code execution vulnerabilities. File: smb_nt_ms15-033.nasl - Type: ACT_GATHER_INFO |
2015-04-14 | Name: An application installed on the remote Mac OS X host is affected by multiple ... File: macosx_ms15-033_office_2011.nasl - Type: ACT_GATHER_INFO |
2013-11-13 | Name: The version of Microsoft Outlook installed on the remote Windows host is affe... File: smb_nt_ms13-094.nasl - Type: ACT_GATHER_INFO |
2013-09-11 | Name: The version of Microsoft Office installed on the remote Windows is affected b... File: smb_nt_ms13-068.nasl - Type: ACT_GATHER_INFO |
2010-09-14 | Name: The version of Microsoft Office installed on the remote Windows host has a co... File: smb_nt_ms10-064.nasl - Type: ACT_GATHER_INFO |
2010-07-13 | Name: The version of Microsoft Office installed on the remote Windows host has a co... File: smb_nt_ms10-045.nasl - Type: ACT_GATHER_INFO |
2009-11-06 | Name: It is possible to access a network share. File: smb_accessible_shares_unpriv.nasl - Type: ACT_GATHER_INFO |
2007-10-04 | Name: It is possible to log into the remote Windows host with a NULL session. File: smb_null_session.nasl - Type: ACT_GATHER_INFO |
2007-02-13 | Name: An application installed on the remote Mac OS X host is affected by multiple ... File: macosx_ms_office_feb2006.nasl - Type: ACT_GATHER_INFO |
2007-02-13 | Name: Arbitrary code can be executed on the remote host through Microsoft Office. File: smb_nt_ms07-015.nasl - Type: ACT_GATHER_INFO |
2007-01-09 | Name: Arbitrary code can be executed on the remote host through the email client. File: smb_nt_ms07-003.nasl - Type: ACT_GATHER_INFO |
2006-10-11 | Name: An application installed on the remote Mac OS X host is affected by multiple ... File: macosx_ms_office_oct2006.nasl - Type: ACT_GATHER_INFO |
2006-10-10 | Name: Arbitrary code can be executed on the remote host through Microsoft PowerPoint. File: smb_nt_ms06-058.nasl - Type: ACT_GATHER_INFO |