CVE-2001-1088

Published: 05/06/2001 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address differs from the "From" address. This could allow a remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.
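The notification the affected clients omit can be applied as a check on inbound mail at a gateway or in triage. The following is an added example, not code from the advisory or from Microsoft; the function names and sample messages are constructed, and the cross-domain flag is an extra signal beyond what the summary describes.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample messages (not taken from the original page).
SPOOFED = (
    "From: Alice Example <alice@corp.example>\r\n"
    "Reply-To: Alice Example <alice@mail.example.net>\r\n"
    "Subject: Q3 figures\r\n\r\nPlease send the report.\r\n"
)
BENIGN = (
    "From: Alice Example <alice@corp.example>\r\n"
    "Reply-To: ALICE@corp.example\r\n"
    "Subject: lunch\r\n\r\nNoon?\r\n"
)

def _addrs(msg, header):
    """Return the lower-cased addresses found in every instance of a header."""
    pairs = getaddresses(msg.get_all(header, []))
    return {addr.strip().lower() for _name, addr in pairs if addr}

def _domain(addr):
    return addr.rpartition("@")[2]

def reply_to_mismatch(raw):
    """Return None when a reply goes back to the sender, else a finding dict."""
    msg = message_from_string(raw)
    senders = _addrs(msg, "From")
    reply_to = _addrs(msg, "Reply-To")
    # Addresses a reply would reach that the From header never mentioned.
    diverted = sorted(reply_to - senders)
    if not diverted:  # no Reply-To, or it only repeats the From address
        return None
    sender_domains = {_domain(a) for a in senders}
    return {
        "from": sorted(senders),
        "reply_to": diverted,
        # A different domain is the stronger signal; same-domain aliases are common.
        "cross_domain": any(_domain(a) not in sender_domains for a in diverted),
    }

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("benign", BENIGN)):
        print(label, reply_to_mismatch(raw))
```

Comparing on the parsed address rather than the raw header value keeps display-name and letter-case differences from hiding or faking a mismatch.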

Vulnerable Product

microsoft outlook 2000

microsoft outlook express 5.0

microsoft outlook express 4.72.3612

microsoft outlook express 4.5

microsoft outlook express 4.72.3120.0

microsoft outlook express 4.27.3110

microsoft outlook express 4.72.2106

microsoft outlook express 4.0

microsoft outlook 98

microsoft outlook express 5.5

microsoft outlook 97

Exploits

source: www.securityfocus.com/bid/2823/info

Outlook Express is the standard e-mail client that is shipped with Microsoft Windows 9x/ME/NT. The address book in Outlook Express is normally configured to make entries for all addresses that are replied to by the user of the mail client. An attacker may construct a message header that tricks Ad ...