CVE-2001-1088 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

source: https://www.securityfocus.com/bid/2823/info Outlook Express is the standard e-mail client that is shipped with Microsoft Windows 9x/ME/NT. The address book in Outlook Express is normally configured to make entries for all addresses that are replied to by the user of the mail client. An attacker may construct a message header that tricks Address Book into making an entry for an untrusted user under the guise of a trusted one. This is done by sending a message with a misleading "From:" field. When the message is replied to then Address Book will make an entry which actually replies to the attacker. Situation: 2 good users Target1 and Target2 with addresses [email protected] and [email protected] and one bad user Attacker, [email protected]. Imagine Attacker wants to get messages Target1 sends to Target2. Scenario: 1. Attacker composes message with headers: From: "[email protected]" <[email protected]> Reply-To: "[email protected]" <[email protected]> To: Target1 <[email protected]> Subject: how to catch you on Friday? and sends it to [email protected] 2. Target1 receives mail, which looks absolutely like mail received from [email protected] and replies it. Reply will be received by Attacker. In this case new entry is created in address book pointing NAME "[email protected]" to ADDRESS [email protected]. 3. Now, if while composing new message Target1 directly types e-mail address [email protected] instead of Target2, Outlook will compose address as "[email protected]" <[email protected]> and message will be received by Attacker.