CVE-2001-1088

N/A Unknown
Published: June 05, 2001 Modified: April 16, 2026
View on NVD

Description

Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq234241
Source: cve@mitre.org
http://www.securityfocus.com/archive/1/188752
Source: cve@mitre.org
Exploit Vendor Advisory
http://www.securityfocus.com/bid/2823
Source: cve@mitre.org
Exploit Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/6655
Source: cve@mitre.org
http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq234241
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/archive/1/188752
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Vendor Advisory
http://www.securityfocus.com/bid/2823
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/6655
Source: af854a3a-2127-422b-91ae-364da2661108

8 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
35.6%
97th percentile
Exploitation Status
Not in CISA KEV

Affected Vendors

microsoft