Microsoft Outlook
21 CVEs affecting Microsoft Outlook. Latest disclosed: 2026-05-12. Critical: 0, High: 11.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-30103 | High | 8.8 | 2024-06-11 | Microsoft Outlook Remote Code Execution Vulnerability |
CVE-2025-21361 | High | 7.8 | 2025-01-14 | Microsoft Outlook Remote Code Execution Vulnerability |
CVE-2017-8663 | High | 7.8 | 2017-08-01 | Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a remote code exec… |
CVE-2017-8571 | High | 7.8 | 2017-08-01 | Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a security feature… |
CVE-2017-8507 | High | 7.8 | 2017-06-15 | A remote code execution vulnerability exists in the way Microsoft Office software parses specially crafted email messages, aka "Microsoft Office Memory Corrupt… |
CVE-2017-8506 | High | 7.8 | 2017-06-15 | A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Executio… |
CVE-2017-0106 | High | 7.8 | 2017-04-12 | Microsoft Excel 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to execute arbitrary code o… |
CVE-2016-3278 | High | 7.8 | 2016-07-13 | Microsoft Outlook 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Off… |
CVE-2017-11776 | High | 7.5 | 2017-10-13 | Microsoft Outlook 2016 allows an attacker to obtain the email content of a user, due to how Outlook 2016 discloses user email content, aka "Microsoft Outlook I… |
CVE-2026-42893 | High | 7.4 | 2026-05-12 | Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a… |
CVE-2024-42220 | High | 7.1 | 2024-12-18 | A library injection vulnerability exists in Microsoft Outlook 16.83.3 for macOS. A specially crafted library can leverage Outlook's access privileges, leading… |
CVE-2017-8545 | Medium | 6.5 | 2017-06-15 | A spoofing vulnerability exists in when Microsoft Outlook for Mac does not sanitize html properly, aka "Microsoft Outlook for Mac Spoofing Vulnerability". |
CVE-2017-0207 | Medium | 6.5 | 2017-04-12 | Microsoft Outlook for Mac 2011 allows remote attackers to spoof web content via a crafted email with specific HTML tags, aka "Microsoft Browser Spoofing Vulner… |
CVE-2016-3366 | Medium | 6.5 | 2016-09-14 | Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, Outlook 2016, and Outlook 2016 for Mac do not properly implement RFC 2046… |
CVE-2017-8572 | Medium | 5.5 | 2017-08-01 | Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows an information dis… |
CVE-2017-8508 | Medium | 5.5 | 2017-06-15 | A security feature bypass vulnerability exists in Microsoft Office software when it improperly handles the parsing of file formats, aka "Microsoft Office Secur… |
CVE-2017-0204 | Medium | 5.5 | 2017-04-12 | Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to bypass the Office Prot… |
CVE-2013-3905 | | 2013-11-13 | Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT does not properly expand metadata contained in S/MIME certificates, which allows remote attacke… | |
CVE-2013-3870 | | 2013-09-11 | Double free vulnerability in Microsoft Outlook 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to execute arbitrary code by including many nested S/MIME… | |
CVE-2010-2728 | | 2010-09-15 | Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers t… |