7.5

CVE-2001-1088

Exploit

EPSS 35.4%
Veröffentlicht 05.06.2001 04:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Outlook Version97

Microsoft ≫ Outlook Version98

Microsoft ≫ Outlook Version2000

Microsoft ≫ Outlook Express Version4.0

Microsoft ≫ Outlook Express Version4.5

Microsoft ≫ Outlook Express Version4.27.3110

Microsoft ≫ Outlook Express Version4.72.2106

Microsoft ≫ Outlook Express Version4.72.3120.0

Microsoft ≫ Outlook Express Version4.72.3612

Microsoft ≫ Outlook Express Version5.0

Microsoft ≫ Outlook Express Version5.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	35.4%	0.969

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq234241

http://www.securityfocus.com/archive/1/188752

Vendor Advisory

Exploit

http://www.securityfocus.com/bid/2823

Vendor Advisory

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/6655

https://nvd.nist.gov/vuln/detail/CVE-2001-1088

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2001-1088

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2001-1088

EUVD