CVE-2001-1099

Name of the Vulnerable Software and Affected Versions Norton AntiVirus for Microsoft Exchange 2000 versions 2.x

Description The default configuration of the software allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content. This malicious content includes the path in the rejection notice, potentially exposing sensitive information.

Recommendations For versions 2.x, consider reconfiguring the software to prevent it from including the INBOX file path in rejection notices for emails with malicious attachments. As a temporary workaround, restrict access to the email system to minimize the risk of exploitation.