Microsoft Outlook 8.5 and previous versions, and Outlook Express 5 and previous versions, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote malicious user to spoof legitimate addresses and intercept email from the client that is intended for another user.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft outlook 2000 |
||
microsoft outlook express 5.0 |
||
microsoft outlook express 4.72.3612 |
||
microsoft outlook express 4.5 |
||
microsoft outlook express 4.72.3120.0 |
||
microsoft outlook express 4.27.3110 |
||
microsoft outlook express 4.72.2106 |
||
microsoft outlook express 4.0 |
||
microsoft outlook 98 |
||
microsoft outlook express 5.5 |
||
microsoft outlook 97 |