漏洞标题
N/A
漏洞描述信息
Microsoft Outlook 8.5 及更早版本,以及 Outlook Express 5 及更早版本,在“自动将我回复的人放入联系人列表”选项启用时,不会通知用户“回执地址”与“发件人地址”不同时,这可能导致不受欢迎的远程攻击者伪造合法地址并拦截旨在另一个用户的客户端的邮件。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Microsoft Outlook和Outlook Express地址伪造漏洞
漏洞描述信息
带有"Automatically put people I reply to in my address book"选项可用的Microsoft Outlook 8.5版本及之前版本,以及Outlook Express 5版本及之前版本在"Reply-To"地址与"From"地址不同时不通告用户,不可信的远程攻击者可以伪造合法地址并且拦截来自为另一个用户所用的客户端的电子邮件。
CVSS信息
N/A
漏洞类别
授权问题