7.5

CVE-2001-1088

Exploit

EPSS 47.82%
Veröffentlicht 05.06.2001 04:00:00
Zuletzt bearbeitet 16.04.2026 00:27:16
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 7

NVD 11 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Outlook Version97

Microsoft ≫ Outlook Version98

Microsoft ≫ Outlook Version2000

Microsoft ≫ Outlook Express Version4.0

Microsoft ≫ Outlook Express Version4.5

Microsoft ≫ Outlook Express Version4.27.3110

Microsoft ≫ Outlook Express Version4.72.2106

Microsoft ≫ Outlook Express Version4.72.3120.0

Microsoft ≫ Outlook Express Version4.72.3612

Microsoft ≫ Outlook Express Version5.0

Microsoft ≫ Outlook Express Version5.5

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	47.82%	0.977

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq234241

http://www.securityfocus.com/archive/1/188752

Vendor Advisory

Exploit

http://www.securityfocus.com/bid/2823

Vendor Advisory

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/6655

https://nvd.nist.gov/vuln/detail/CVE-2001-1088

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2001-1088

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2001-1088

EUVD