CVE-2001-1088
CVSS 7.5
Published: 2001-06-05 00:00:00
Last revised: 2008-09-05 16:25:39

[Original] Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.


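[CNNVD] Microsoft Outlook and Outlook Express address spoofing vulnerability (CNNVD-200106-052)

        Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address differs from the "From" address; an untrusted remote attacker can spoof a legitimate address and intercept email from the client that is intended for another user.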

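- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]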

- CPE (affected platforms and products)

cpe:/a:microsoft:outlook_express:4.5  Microsoft outlook_express 4.5
cpe:/a:microsoft:outlook_express:4.0  Microsoft outlook_express 4.0
cpe:/a:microsoft:outlook_express:4.72.3120.0  Microsoft outlook_express 4.72.3120
cpe:/a:microsoft:outlook:97  Microsoft Outlook 97
cpe:/a:microsoft:outlook_express:4.72.3612
cpe:/a:microsoft:outlook_express:4.72.2106
cpe:/a:microsoft:outlook_express:5.0  Microsoft outlook_express 5.0
cpe:/a:microsoft:outlook:98  Microsoft Outlook 98
cpe:/a:microsoft:outlook_express:5.5  Microsoft outlook_express 5.5
cpe:/a:microsoft:outlook_express:4.27.3110
cpe:/a:microsoft:outlook:2000  Microsoft Outlook 2000

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1088
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-1088
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200106-052
(Official data source) CNNVD

- Other links and resources

http://xforce.iss.net/static/6655.php
(VENDOR_ADVISORY)  XF  outlook-address-book-spoofing(6655)
http://www.securityfocus.com/bid/2823
(VENDOR_ADVISORY)  BID  2823
http://www.securityfocus.com/archive/1/188752
(VENDOR_ADVISORY)  BUGTRAQ  20010605 SECURITY.NNOV: Outlook Express address book spoofing
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q234241
(UNKNOWN)  CONFIRM  http://support.microsoft.com/default.aspx?scid=kb;EN-US;q234241

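- Vulnerability information

Microsoft Outlook and Outlook Express address spoofing vulnerability
High risk  Unknown
2001-06-05 00:00:00 2005-10-12 00:00:00
Remote
        Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address differs from the "From" address; an untrusted remote attacker can spoof a legitimate address and intercept email from the client that is intended for another user.

- Advisories and patches



- Vulnerability information (20899)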

Microsoft Outlook 97/98/2000/4/5 Address Book Spoofing Vulnerability (EDBID:20899)
windows remote
2001-06-05 Verified
0 3APA3A
N/A
source: http://www.securityfocus.com/bid/2823/info

Outlook Express is the standard e-mail client that is shipped with Microsoft Windows 9x/ME/NT.

The address book in Outlook Express is normally configured to make entries for all addresses that are replied to by the user of the mail client. An attacker may construct a message header that tricks Address Book into making an entry for an untrusted user under the guise of a trusted one. This is done by sending a message with a misleading "From:" field. When the message is replied to, Address Book will make an entry which actually replies to the attacker.

Situation: 2 good users, Target1 and Target2, with addresses target1@example.com and
target2@example.com, and one bad user, Attacker, attacker@example.com. Imagine Attacker wants to get
the messages Target1 sends to Target2. Scenario:

1. Attacker composes a message with headers:

From: "target2@example.com" <attacker@example.com>
Reply-To: "target2@example.com" <attacker@example.com>
To: Target1 <target1@example.com>
Subject: how to catch you on Friday?

and sends it to target1@example.com

2. Target1 receives the mail, which looks exactly like mail received from
target2@example.com, and replies to it. The reply will be received by Attacker. In this case
a new entry is created in the address book, pointing NAME "target2@example.com" to
ADDRESS attacker@example.com.

3. Now, if while composing a new message Target1 directly types the e-mail
address target2@example.com instead of Target2, Outlook will compose the address as
"target2@example.com" <attacker@example.com> and the message will be received by Attacker.

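A defensive check for the header pattern in the scenario above, as an added example (not code from the original advisory or from Microsoft): it flags a display name that shows one address while the message is routed to another, and a Reply-To that differs from From. The function name `header_findings`, the finding labels and the two constructed sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Loose pattern for "something that looks like an e-mail address" in a display name.
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def header_findings(raw_message):
    """Return (field, kind, value, compared_with) tuples for suspicious sender headers."""
    msg = message_from_string(raw_message)
    findings, actual = [], {}
    for field in ("From", "Reply-To"):
        pairs = getaddresses(msg.get_all(field, []))
        actual[field] = sorted({addr.lower() for _, addr in pairs if addr})
        for name, addr in pairs:
            # The display name shows one address while the mail goes to another.
            for shown in ADDR_RE.findall(name):
                if shown.lower() != addr.lower():
                    findings.append((field, "display-name-mismatch", shown, addr))
    # The condition the affected clients did not warn about: replies are
    # routed somewhere other than the From address.
    if actual["Reply-To"] and actual["Reply-To"] != actual["From"]:
        findings.append(("Reply-To", "differs-from-from",
                         ", ".join(actual["Reply-To"]), ", ".join(actual["From"])))
    return findings

# Headers exactly as given in the scenario on this page.
PAGE_MESSAGE = (
    'From: "target2@example.com" <attacker@example.com>\n'
    'Reply-To: "target2@example.com" <attacker@example.com>\n'
    "To: Target1 <target1@example.com>\n"
    "Subject: how to catch you on Friday?\n\nbody\n"
)
# Constructed samples (not from the page): redirected replies, and a benign message.
REDIRECTED = ("From: Target2 <target2@example.com>\n"
              "Reply-To: attacker@example.com\n"
              "To: Target1 <target1@example.com>\n\nbody\n")
BENIGN = ("From: Target2 <target2@example.com>\n"
          "To: Target1 <target1@example.com>\n\nbody\n")

if __name__ == "__main__":
    for label, raw in (("page", PAGE_MESSAGE), ("redirected", REDIRECTED), ("benign", BENIGN)):
        print(label, header_findings(raw))
```

The same rule can run in a mail gateway or as a pre-reply check, so that an address book entry is only created when the displayed address and the routed address agree.
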
- Vulnerability information

1852
Microsoft Outlook Address Book Spoofing Weakness
Context Dependent Input Manipulation
Loss of Integrity
Exploit Public

- Vulnerability description

- Timeline

2001-06-05 Unknown
2001-06-05 Unknown

- Solution

Products

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete
 

 
