Lucene search

[email protected]CVE-2001-1088

HistoryJun 25, 2002 - 4:00 a.m.

CVE-2001-1088

2002-06-2504:00:00

[email protected]

web.nvd.nist.gov

microsoft outlook

outlook express

email spoofing

remote attack

address spoofing

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.036 Low

EPSS

Percentile

91.7%

JSON

Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the “Automatically put people I reply to in my address book” option enabled, do not notify the user when the “Reply-To” address is different than the “From” address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.

Affected configurations

NVD

Node

microsoftoutlookMatch97

microsoftoutlookMatch98

microsoftoutlookMatch2000

microsoftoutlook_expressMatch4.0

microsoftoutlook_expressMatch4.5

microsoftoutlook_expressMatch4.27.3110

microsoftoutlook_expressMatch4.72.2106

microsoftoutlook_expressMatch4.72.3120.0

microsoftoutlook_expressMatch4.72.3612

microsoftoutlook_expressMatch5.0

microsoftoutlook_expressMatch5.5

CPENameOperatorVersion
microsoft:outlookmicrosoft outlookeq97
microsoft:outlookmicrosoft outlookeq98
microsoft:outlookmicrosoft outlookeq2000
microsoft:outlook_expressmicrosoft outlook expresseq4.0
microsoft:outlook_expressmicrosoft outlook expresseq4.5
microsoft:outlook_expressmicrosoft outlook expresseq4.27.3110
microsoft:outlook_expressmicrosoft outlook expresseq4.72.2106
microsoft:outlook_expressmicrosoft outlook expresseq4.72.3120.0
microsoft:outlook_expressmicrosoft outlook expresseq4.72.3612
microsoft:outlook_expressmicrosoft outlook expresseq5.0

CPE	Name	Operator	Version
microsoft:outlook	microsoft outlook	eq	97
microsoft:outlook	microsoft outlook	eq	98
microsoft:outlook	microsoft outlook	eq	2000
microsoft:outlook_express	microsoft outlook express	eq	4.0
microsoft:outlook_express	microsoft outlook express	eq	4.5
microsoft:outlook_express	microsoft outlook express	eq	4.27.3110
microsoft:outlook_express	microsoft outlook express	eq	4.72.2106
microsoft:outlook_express	microsoft outlook express	eq	4.72.3120.0
microsoft:outlook_express	microsoft outlook express	eq	4.72.3612
microsoft:outlook_express	microsoft outlook express	eq	5.0

Rows per page:

1-10 of 111

References

support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq234241

www.securityfocus.com/archive/1/188752

www.securityfocus.com/bid/2823

exchange.xforce.ibmcloud.com/vulnerabilities/6655

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.036 Low

EPSS

Percentile

91.7%

JSON

Related for CVE-2001-1088

cvelist1 nvd1