CVE-2001-1088

CVE Database · CVE-2001-1088

CVE-2001-1088

· N/AModified

CVSS v3.1

N/A

EPSS

19.71%

Published

Jun 5, 2001

Modified

Apr 15, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBMicrosoft Outlook 97/98/2000/4/5 - Address Book Spoofing TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.

Affected Products (11)

microsoft · outlookvulnerable

microsoft · outlook_expressvulnerable

References (8)

http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq234241

http://www.securityfocus.com/archive/1/188752

ExploitVendor Advisory

http://www.securityfocus.com/bid/2823

ExploitVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/6655

http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq234241

http://www.securityfocus.com/archive/1/188752

ExploitVendor Advisory

http://www.securityfocus.com/bid/2823

ExploitVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs