← Back

CVE-2001-1088

nvd nist
Published: Jun 5, 2001Modified: Apr 16, 2026

JSON object

Loading...
7.5
Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploitability: 10.0 / Impact: 6.4
Source: NVD

Description

Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.

Affected (11)

Microsoft
2 products
Outlook
Outlook Express
Configuration A
11 vulnerable
Vulnerable SoftwareAffected Versions
Microsoft
Outlook
Version 2000
Outlook
Version 97
Outlook
Version 98
Microsoft
Outlook Express
Version 4.0
Outlook Express
Version 4.27.3110
Outlook Express
Version 4.5
Outlook Express
Version 4.72.2106
Outlook Express
Version 4.72.3120.0
Outlook Express
Version 4.72.3612
Outlook Express
Version 5.0
Outlook Express
Version 5.5

References (8)

Source: cve@mitre.org
Source: cve@mitre.org
ExploitVendor Advisory
Source: cve@mitre.org
ExploitVendor Advisory
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.