Outlook
Outlook Password Recovery 2.10 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. [CVSS 6.2 MEDIUM]
SpotOutlook 1.2.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can overwrite the buffer by pasting 1000 'A' characters into the 'Name' field, causing the application to become unresponsive. [CVSS 7.5 HIGH]
Microsoft Outlook's unsafe deserialization of untrusted data enables remote attackers to spoof messages and identities without authentication over the network. This vulnerability affects Outlook, Word, and Microsoft 365 Apps, allowing attackers to impersonate legitimate senders and deceive users. No patch is currently available, making this a high-risk threat requiring immediate defensive measures.
Information disclosure in Microsoft Outlook, SharePoint Server, Office, and 365 Apps enables remote attackers to conduct email spoofing attacks without authentication or user interaction. The vulnerability affects multiple Microsoft collaboration products and could allow threat actors to impersonate legitimate senders to compromise organizational security. No patch is currently available for this high-severity issue.
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Local code execution vulnerability in Microsoft Office Outlook caused by improper handling of the '.../...//' path traversal sequence (CWE-35). Authorized users with local access can exploit this to execute arbitrary code with the privileges of the Outlook process, achieving high confidentiality, integrity, and availability impact. This vulnerability requires local access and existing user privileges but no user interaction, making it a significant risk for multi-user systems or compromised local accounts.
Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally.
Exposure of sensitive information to an unauthorized actor in Outlook for Android allows an unauthorized attacker to disclose information over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.
Microsoft Outlook Spoofing Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity.
Microsoft Outlook Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability requires no authentication and has low attack complexity.
Microsoft Outlook Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.7). This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory, causing crashes or information disclosure.