Vulnerabilities > CVE-2001-1088 - Unspecified vulnerability in Microsoft Outlook and Outlook Express

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

microsoft

exploit available

NVD

Published: 2001-06-05

Updated: 2017-10-10

Summary

Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Outlook 97 Microsoft Outlook 98 Microsoft Outlook 2000 Microsoft Outlook Express 4.0 Microsoft Outlook Express 4.5 Microsoft Outlook Express 4.27.3110 Microsoft Outlook Express 4.72.2106 Microsoft Outlook Express 4.72.3120.0 Microsoft Outlook Express 4.72.3612 Microsoft Outlook Express 5.0 Microsoft Outlook Express 5.5	11

Exploit-Db

description	Microsoft Outlook 97/98/2000/4/5 Address Book Spoofing Vulnerability. CVE-2001-1088. Remote exploit for windows platform
id	EDB-ID:20899
last seen	2016-02-02
modified	2001-06-05
published	2001-06-05
reporter	3APA3A
source	https://www.exploit-db.com/download/20899/
title	Microsoft Outlook 97/98/2000/4/5 Address Book Spoofing Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

References