CVE-2001-1088 : Detail

CVE-2001-1088

21.64%V3
Network
2002-06-25
02h00 +00:00
2002-03-22
09h00 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.

CVE Informations

Metrics

Metrics Score Severity CVSS Vector Source
V2 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
EPSS First.org

Exploit information

Exploit Database EDB-ID : 20899

Publication date : 2001-06-04 22h00 +00:00
Author : 3APA3A
EDB Verified : Yes

source: https://www.securityfocus.com/bid/2823/info Outlook Express is the standard e-mail client that is shipped with Microsoft Windows 9x/ME/NT. The address book in Outlook Express is normally configured to make entries for all addresses that are replied to by the user of the mail client. An attacker may construct a message header that tricks Address Book into making an entry for an untrusted user under the guise of a trusted one. This is done by sending a message with a misleading "From:" field. When the message is replied to then Address Book will make an entry which actually replies to the attacker. Situation: 2 good users Target1 and Target2 with addresses target1@example.com and target2@example.com and one bad user Attacker, attacker@example.com. Imagine Attacker wants to get messages Target1 sends to Target2. Scenario: 1. Attacker composes message with headers: From: "target2@example.com" <attacker@example.com> Reply-To: "target2@example.com" <attacker@example.com> To: Target1 <target1@example.com> Subject: how to catch you on Friday? and sends it to target1@example.com 2. Target1 receives mail, which looks absolutely like mail received from target2@example.com and replies it. Reply will be received by Attacker. In this case new entry is created in address book pointing NAME "target2@example.com" to ADDRESS attacker@example.com. 3. Now, if while composing new message Target1 directly types e-mail address target2@example.com instead of Target2, Outlook will compose address as "target2@example.com" <attacker@example.com> and message will be received by Attacker.

Products Mentioned

Configuraton 0

Microsoft>>Outlook >> Version 97

Microsoft>>Outlook >> Version 98

Microsoft>>Outlook >> Version 2000

Microsoft>>Outlook_express >> Version 4.0

Microsoft>>Outlook_express >> Version 4.5

Microsoft>>Outlook_express >> Version 4.27.3110

    Microsoft>>Outlook_express >> Version 4.72.2106

      Microsoft>>Outlook_express >> Version 4.72.3120.0

      Microsoft>>Outlook_express >> Version 4.72.3612

        Microsoft>>Outlook_express >> Version 5.0

        Microsoft>>Outlook_express >> Version 5.5

        References

        http://www.securityfocus.com/archive/1/188752
        Tags : mailing-list, x_refsource_BUGTRAQ
        http://www.securityfocus.com/bid/2823
        Tags : vdb-entry, x_refsource_BID