Unrated severityNVD Advisory· Published Jun 5, 2001· Updated Jun 16, 2026
CVE-2001-1088
CVE-2001-1088
Description
Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
13cpe:2.3:a:microsoft:outlook_express:4.0:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:microsoft:outlook_express:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:outlook_express:4.27.3110:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:outlook_express:4.5:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:outlook_express:4.72.2106:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:outlook_express:4.72.3120.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:outlook_express:4.72.3612:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:outlook_express:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:outlook_express:5.5:*:*:*:*:*:*:*
- (no CPE)range: <= 5.0
Patches
Vulnerability mechanics
References
4- www.securityfocus.com/archive/1/188752nvdExploitVendor Advisory
- www.securityfocus.com/bid/2823nvdExploitVendor Advisory
- support.microsoft.com/default.aspxnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/6655nvd
News mentions
0No linked articles in our index yet.