CVE-2001-1088

2001-06-05T04:00:00
ID CVE-2001-1088
Type cve
Reporter cve@mitre.org
Modified 2017-10-10T01:29:00

Description

Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.