CVE-2001-1088

Microsoft Outlook <8.5 - Info Disclosure


Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-1088. PoCs published by 3APA3A.

AI-analyzed exploit summary: This is a writeup describing a spoofing vulnerability in Outlook Express where an attacker can manipulate email headers to trick the address book into associating a trusted name with an untrusted email address. The exploit relies on social engineering and misleading 'From' and 'Reply-To' fields.

Description

Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.

Exploits (1)

exploitdb WRITEUP VERIFIED
by 3APA3A · text · remote · windows
https://www.exploit-db.com/exploits/20899


Classification: Writeup 100%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: Microsoft Outlook Express (versions shipped with Windows 9x/ME/NT)
No auth needed
Prerequisites: Victim must reply to the spoofed email · Victim must use Outlook Express with default address book settings
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit, Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/188752
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6655
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2823

Scores

EPSS 0.1971
EPSS Percentile 97.1%

Details

Status published
Products (11)
microsoft/outlook 97
microsoft/outlook 98
microsoft/outlook 2000
microsoft/outlook_express 4.0
microsoft/outlook_express 4.5
microsoft/outlook_express 4.27.3110
microsoft/outlook_express 4.72.2106
microsoft/outlook_express 4.72.3120.0
microsoft/outlook_express 4.72.3612
microsoft/outlook_express 5.0
... and 1 more
Published Jun 05, 2001
Tracked Since Feb 18, 2026