PT-2001-2231 · Microsoft · Outlook+1

Published: 2001-06-05 · Updated: 2017-10-10 · CVE-2001-1088

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Microsoft Outlook versions 8.5 and earlier
Microsoft Outlook Express versions 5 and earlier

Description

An untrusted remote attacker could spoof legitimate addresses and intercept email. This is possible because the software does not notify the user when the Reply-To address differs from the From address while the "Automatically put people I reply to in my address book" option is enabled.

Recommendations

For Microsoft Outlook versions 8.5 and earlier, disable the "Automatically put people I reply to in my address book" option to prevent address book modifications by potentially spoofed emails.

For Microsoft Outlook Express versions 5 and earlier, disable the "Automatically put people I reply to in my address book" option to minimize the risk that emails intended for other users are intercepted.
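
The comparison that the description says the client does not surface can be run at a mail gateway or during triage of stored messages. The following is an added example, not code from this advisory or from Microsoft; the function names and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses


def _addrs(msg, header):
    """Return the lowercased addr-specs from every occurrence of a header."""
    return [addr.lower() for _, addr in getaddresses(msg.get_all(header, [])) if addr]


def reply_to_mismatch(raw):
    """Return a finding when a reply would go somewhere other than From, else None."""
    msg = message_from_string(raw)
    senders = _addrs(msg, "From")
    # Reply-To targets that are not also listed in From are the ones a
    # user would reply to (and auto-add to the address book) unnoticed.
    diverted = [t for t in _addrs(msg, "Reply-To") if t not in senders]
    if not diverted:
        return None
    sender_domains = {s.rpartition("@")[2] for s in senders}
    return {
        "from": senders,
        "reply_to": diverted,
        # A different domain is a stronger signal than a different mailbox
        # in the same domain (for example a shared helpdesk address).
        "cross_domain": [t for t in diverted
                         if t.rpartition("@")[2] not in sender_domains],
    }


# Constructed sample messages (not taken from real traffic).
SAMPLE_DIVERTED = (
    "From: Alice Example <alice@example.com>\n"
    "Reply-To: Alice Example <alice@example.net>\n"
    "Subject: constructed sample\n\nbody\n"
)
SAMPLE_SAME_DOMAIN = (
    "From: Alice Example <alice@example.com>\n"
    "Reply-To: helpdesk@example.com\n"
    "Subject: constructed sample\n\nbody\n"
)
SAMPLE_CLEAN = (
    "From: Bob <bob@example.com>\n"
    "Reply-To: bob@EXAMPLE.com\n"
    "Subject: constructed sample\n\nbody\n"
)

if __name__ == "__main__":
    for name in ("SAMPLE_DIVERTED", "SAMPLE_SAME_DOMAIN", "SAMPLE_CLEAN"):
        print(name, reply_to_mismatch(globals()[name]))
```

A message with no Reply-To header, or one whose Reply-To only repeats the From address, produces no finding.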


Related Identifiers

CVE-2001-1088

Affected Products

Outlook
Outlook Express