Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2001-1088
Last Modified: 05 Sep 2008 04:25:39
Published: 05 Jun 2001 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2001-1088

Summary

Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.

Vulnerable Systems

Application

  • Microsoft Outlook 2000

  • Microsoft Outlook 97

  • Microsoft Outlook 98

  • Microsoft Outlook Express 4.0

  • Microsoft Outlook Express 4.27.3110

  • Microsoft Outlook Express 4.5

  • Microsoft Outlook Express 4.72.2106

  • Microsoft Outlook Express 4.72.3120.0

  • Microsoft Outlook Express 4.72.3612

  • Microsoft Outlook Express 5.0

  • Microsoft Outlook Express 5.5


References

XF - outlook-address-book-spoofing(6655)

BID - 2823

BUGTRAQ - 20010605 SECURITY.NNOV: Outlook Express address book spoofing

CONFIRM - http://support.microsoft.com/default.aspx?scid=kb;EN-US;q234241


Last Updated: 27 May 2016 10:36:31