CVE-2001-1088

Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:microsoft:outlook:97:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:outlook:98:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:outlook:2000:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:outlook_express:4.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:outlook_express:4.5:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:outlook_express:4.27.3110:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:outlook_express:4.72.2106:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:outlook_express:4.72.3120.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:outlook_express:4.72.3612:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:outlook_express:5.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:outlook_express:5.5:*:*:*:*:*:*:*

History

20 Nov 2024, 23:36

Type Values Removed Values Added
References () http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq234241 - () http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq234241 -
References () http://www.securityfocus.com/archive/1/188752 - Exploit, Vendor Advisory () http://www.securityfocus.com/archive/1/188752 - Exploit, Vendor Advisory
References () http://www.securityfocus.com/bid/2823 - Exploit, Vendor Advisory () http://www.securityfocus.com/bid/2823 - Exploit, Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/6655 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/6655 -

07 Nov 2023, 01:55

Type Values Removed Values Added
References
  • {'url': 'http://support.microsoft.com/default.aspx?scid=kb;EN-US;q234241', 'name': 'http://support.microsoft.com/default.aspx?scid=kb;EN-US;q234241', 'tags': [], 'refsource': 'CONFIRM'}
  • () http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq234241 -

Information

Published : 2001-06-05 04:00

Updated : 2024-11-20 23:36


NVD link : CVE-2001-1088

Mitre link : CVE-2001-1088

CVE.ORG link : CVE-2001-1088


JSON object : View

Products Affected

microsoft

  • outlook
  • outlook_express