Microsoft Outlook has a design flaw that allows outbound HTTP requests to be made via a simple preview of a mail that is S/MIME-signed.
1ff267973798cd8447b986b796dd166b737f9cbfe9fb69d0bef95485ff36340aProof of concept code for a critical Microsoft Outlook vulnerability for Windows that allows hackers to remotely steal hashed passwords by simply receiving an email.
82650f1794c39715f1ff003f78302ace745bb32d6a7b8594b0d5025474d9963bThis is a whitepaper along with a proof of concept eml file discussing CVE-2020-16947 where a remote code execution vulnerability exists in Microsoft Outlook 2019 version 16.0.13231.20262 when it fails to properly handle objects in memory.
e10886839475e813dff9362bc048392f047b424255b849ca304a468b0daa17a3This is a whitepaper discussing CVE-2020-1349 where a remote code execution vulnerability exists in Microsoft Outlook 2019 version 16.0.12624.20424 when it fails to properly handle objects in memory.
0cbeab94a42718d9dc0fbddcb25e670799fb9171ff9f4aa0d640945941711759Microsoft Outlook Web Access version 14.3.224.2 remote host header injection exploit.
2a045a798379ed94af70c8ea6473d9a34de7eb79dd2b3dbfe41c7f40f2643fb1Microsoft Outlook Web Access build 15.1.1591 suffers from a remote host header injection vulnerability.
3851e7b6f8702511bfebd9d28508518b1088e01005f6b566164e025598a95b29Microsoft Outlook suffers from an HTML email denial of service vulnerability.
df536fb9431470d67b63334422b4fe73505842670e63f7d352a00c5db691b38dMicrosoft Outlook 2010 WriteAV proof of concept crash exploit.
f6751c5e9616b27ce38fd40c1a3c8f84b8face9869f05783abe3be237cbaaa9eMicrosoft Outlook versions 2007 through 2013 suffer from a denial of service vulnerability.
6eca607c56b006c4f7b78e49106b52630cdb96b46ad746d45698cc710486021eA design bug in X.509 certificate chain validation (RFC 3280) allows attackers to trigger (blind) HTTP requests for both external as well as internal IPs if a specially-crafted, S/MIME-signed email is opened in Microsoft Outlook. This issue, which has been originally reported in 2008, has been revisited and timing differences make it possible to identify open and closed ports on internal networks.
9365e6ebb217675995930a39307adaa0068c69e67328ec203f67fb4ba9ac8f00This Metasploit module exploits a stack-based buffer overflow in the handling of the 'pFragments' shape property within the Microsoft Word RTF parser. All versions of Microsoft Office prior to the release of the MS10-087 bulletin are vulnerable. This Metasploit module does not attempt to exploit the vulnerability via Microsoft Outlook. The Microsoft Word RTF parser was only used by default in versions of Microsoft Word itself prior to Office 2007. With the release of Office 2007, Microsoft began using the Word RTF parser, by default, to handle rich-text messages within Outlook as well. It was possible to configure Outlook 2003 and earlier to use the Microsoft Word engine too, but it was not a default setting.
c781a6b1c954888d98e9d2d99bf09fd7064aa318d76af4eac5e983b427860a6bMicrosoft Outlook 2007 suffers from an email file attachment denial of service vulnerability.
5ff440e06d3826b5ad64b771f85361f08fc18abc456122bf32184c64955ed1b7iDefense Security Advisory 11.09.10 - Remote exploitation of a stack buffer overflow vulnerability in Microsoft Corp.'s Word could allow attackers to execute arbitrary code under the privileges of the targeted user. This vulnerability specifically exists in the handling of a specific control word in an RTF document. Under certain circumstances, Word will copy its property strings into a stack buffer without checking the length, which causes a stack buffer overflow. iDefense has confirmed the existence of this vulnerability in Microsoft Word 2003, Microsoft Word 2007, and Microsoft Outlook 2007.
d4d9f9e20e9077a6175a55782b57058b141ca5e690b63999ac4ac7d7e985c23aSecunia Research has discovered a vulnerability in Microsoft Outlook, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an integer underflow error when parsing certain content and can be exploited to cause a heap-based buffer overflow via e.g. a specially crafted e-mail message. Successful exploitation may allow execution of arbitrary code, but requires that Outlook is connected to an Exchange server with Online Mode (not default setting for Outlook 2003 and 2007).
3ac2fa8b03f7e0a1eb4436a2b09aa20d22e3ff238856861ce6ed1812b132fe1dSecunia Security Advisory - Secunia Research has discovered a vulnerability in Microsoft Outlook, which can be exploited by malicious people to compromise a user's system.
a5d9ad5004ac3e91b8761bf3fecc511540ab02ec335b51b3102a1b78c0cb3bc3iDefense Security Advisory 08.10.10 - Remote exploitation of a heap buffer overflow vulnerability in Microsoft Corp.'s Word could allow attackers to execute arbitrary code under the privileges of the targeted user. This vulnerability specifically exists in the handling of some drawing object control words in an RTF document. Under certain circumstances, Word will copy a property value into a heap buffer without checking the length, which causes a heap buffer overflow. iDefense has confirmed the existence of this vulnerability in Microsoft Word 2003, Microsoft Word 2007, and Microsoft Outlook 2007. A full list of vulnerable Microsoft products can be found in Microsoft Security Bulletin MS10-056.
25855763a2da9fa2593ee54ea20cb23b8412b955183bf26b2866e5577463f29dMicrosoft Outlook Web Access suffers from a cross site request forgery vulnerability.
20a64d1733d26d2779c1f69e6caf1a4a6046ffd19c3c9c8d8b071cfbba17bf8fTechnical Cyber Security Alert 2010-131A - Microsoft has released updates to address vulnerabilities in Microsoft Outlook Express, Microsoft Windows Mail, Microsoft Windows Live Mail, Microsoft Office, and Microsoft Visual Basic for Applications.
734937a93aad140f993320ea92d9ed2ca13f36c93bab8370832391104cef175eSecunia Security Advisory - Francis Provencher has discovered a vulnerability in Microsoft Outlook Express and Windows Mail, which can be exploited by malicious people to potentially compromise a user's system.
15879cbeb82f803e03191b6594e48cbea94dd6465cd367c0d573ac50cfb77cecSQL-Ledger suffers from cross site scripting, cross site request forgery, local file inclusion, SQL injection, and various other security vulnerabilities.
3829bdb05149d1bc7598b7a78e6ebb24bc4dda65fe6aa1226850034c3332a707This Metasploit module exploits a stack overflow in the news reader of Microsoft Outlook Express.
ced8028d9cca6bc9a59d95ef68f3dcde4dd0cf2c66f33c63c215121b9e1bd260CAcert suffered from a cross site scripting vulnerability when parsing a given X.509 certificate.
010dc8224e527b25fcbaf1dd8c4db3d011ad35ad977a4c283f92787b8471e40cTechnical Cyber Security Alert TA08-190A - Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Windows Server, Microsoft SQL Server, and Microsoft Outlook Web Access as part of the Microsoft Security Bulletin Summary for July 2008. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code.
61f052e70c5271ea32d090b24c077157b4b431f86d6b8a2f0e9667574e896b2dSecunia Security Advisory - Two vulnerabilities have been reported in Microsoft Outlook Web Access for Exchange Server, which can be exploited by malicious people to conduct script insertion attacks.
80bce2f7f5cf1670202bfa7af198a012206976011576dc55da9eee35f05dc8a6Opera versions below 9.25 are susceptible to a heap-based buffer overflow that allows for a denial of service and possibly code execution.
f6dc341cce8dd3f5bc84c05a0c44cde29463acefebfde3867a34bf222e7aabf7Apache-SSL versions prior to apache_1.3.41+ssl_1.59 suffer from a memory disclosure vulnerability that may allow for privilege escalation.
39036c5cb769695609adfa378084ea68badbe067b04e9ae812fda9a39d1ed918
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed