Title: Microsoft Outlook Express Address Book Spoofing Vulnerability
Severity: MODERATE
Description:
Outlook Express is the standard e-mail client that is shipped with Microsoft Windows 9x/ME/NT.
The address book in Outlook Express is normally configured to make entries for all addresses that are replied to by the user of the mail client. An attacker may construct a message header that tricks Address Book into making an entry for an untrusted user under the guise of a trusted one.
The "From:" field has this format: name <emailaddress>.
If the name is that of a trusted user, the address is the attacker's, and the recipient replies to the message, Address Book makes a misleading entry under the name of the trusted user.
All mail sent using the Address Book entry will be intercepted by the attacker.
This vulnerability can lead to further social engineering attacks.
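A check of the kind a mail client or gateway could run before an address book entry is created from a reply, as an added example that is not part of the original advisory. The address book structure, names and addresses are constructed assumptions, and the second check (an address embedded in the display name) goes beyond the case described above.

```python
# Added example (not from the advisory): audit a From: header before an
# address book entry is created from it. All names/addresses are constructed.
import re
from email import message_from_string
from email.utils import parseaddr

EMBEDDED_ADDR = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def normalize(name):
    """Case-fold and collapse whitespace so 'Alice  Smith' == 'alice smith'."""
    return " ".join(name.split()).casefold()

def audit_from_header(raw_message, address_book):
    """Return a list of findings for the message's From: header.

    address_book maps a display name to the set of addresses already
    trusted for that name (hypothetical structure for this example).
    """
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    findings = []

    trusted = {normalize(n): {a.lower() for a in addrs}
               for n, addrs in address_book.items()}
    known = trusted.get(normalize(name))
    if known is not None and addr not in known:
        findings.append("name-collision")   # trusted name, unknown address

    # Display name that itself looks like an address other than the real one
    m = EMBEDDED_ADDR.search(name)
    if m and m.group(0).lower() != addr:
        findings.append("address-in-name")
    return findings

# Constructed sample data
ADDRESS_BOOK = {"Alice Smith": {"alice@corp.example"}}
SPOOFED = 'From: "Alice Smith" <mallory@attacker.example>\nSubject: hi\n\nbody\n'
GENUINE = 'From: Alice Smith <alice@corp.example>\nSubject: hi\n\nbody\n'
EMBEDDED = 'From: "alice@corp.example" <mallory@attacker.example>\n\nbody\n'

if __name__ == "__main__":
    for raw in (SPOOFED, GENUINE, EMBEDDED):
        print(audit_from_header(raw, ADDRESS_BOOK))
```

A non-empty result means the entry should not be auto-created without showing the user the full address.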
Affected Products:
- Microsoft Internet Explorer 5.0.1
- Microsoft Internet Explorer 5.0.1 for Windows 2000
- Microsoft Internet Explorer 5.0.1 for Windows 95
- Microsoft Internet Explorer 5.0.1 for Windows 98
- Microsoft Internet Explorer 5.0.1 for Windows NT 4.0
- Microsoft Internet Explorer 5.5
- Microsoft Outlook 2000 0.0.0
- Microsoft Outlook 97 0.0.0
- Microsoft Outlook 97 8.2.4212
- Microsoft Outlook 98 0.0.0
- Microsoft Outlook Express 4.27.3110
- Microsoft Outlook Express 4.72.2106
- Microsoft Outlook Express 4.72.3120
- Microsoft Outlook Express 4.72.3612
- Microsoft Outlook Express 5.5.0
- Microsoft Outlook Express for MacOS 4.5.0
- Microsoft Outlook Express for MacOS 5.0.0
References:
- SECURITY.NNOV: Microsoft Outlook Express address book vulnerability