Vulnerabilities > CVE-2001-1088 - Unspecified vulnerability in Microsoft Outlook and Outlook Express

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

microsoft

exploit available

NVD

Published: 2001-06-05

Updated: 2023-11-07

Summary

Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Outlook 2000 Microsoft Outlook 98 Microsoft Outlook 97 Microsoft Outlook Express 5.0 Microsoft Outlook Express 4.72.3612 Microsoft Outlook Express 4.5 Microsoft Outlook Express 4.72.3120.0 Microsoft Outlook Express 4.27.3110 Microsoft Outlook Express 4.72.2106 Microsoft Outlook Express 4.0 Microsoft Outlook Express 5.5	11

Exploit-Db

description	Microsoft Outlook 97/98/2000/4/5 Address Book Spoofing Vulnerability. CVE-2001-1088. Remote exploit for windows platform
id	EDB-ID:20899
last seen	2016-02-02
modified	2001-06-05
published	2001-06-05
reporter	3APA3A
source	https://www.exploit-db.com/download/20899/
title	Microsoft Outlook 97/98/2000/4/5 Address Book Spoofing Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

References