Microsoft Outlook and Outlook Express Address Spoofing Vulnerability

Vulnerability ID 1106370 Vulnerability type Unknown
Published 2001-06-05 Updated 2005-10-12
CVE ID CVE-2001-1088
CNNVD-ID CNNVD-200106-052
Platform Windows CVSS score 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/20899
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200106-052
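|Vulnerability details
Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address differs from the "From" address. An untrusted remote attacker can spoof a legitimate address and intercept e-mail from the client that is intended for another user.
|Exploit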
source: http://www.securityfocus.com/bid/2823/info

Outlook Express is the standard e-mail client that is shipped with Microsoft Windows 9x/ME/NT.

The address book in Outlook Express is normally configured to make entries for all addresses that are replied to by the user of the mail client. An attacker may construct a message header that tricks Address Book into making an entry for an untrusted user under the guise of a trusted one. This is done by sending a message with a misleading "From:" field. When the message is replied to then Address Book will make an entry which actually replies to the attacker. 

Situation: 2 good users Target1 and Target2 with addresses [email protected] and
[email protected] and one bad user Attacker, [email protected]. Imagine Attacker wants to get
messages Target1 sends to Target2. Scenario:

1. Attacker composes message with headers:

From: "[email protected]" <[email protected]>
Reply-To: "[email protected]" <[email protected]>
To: Target1 <[email protected]>
Subject: how to catch you on Friday?

and sends it to [email protected]

2. Target1 receives the mail, which looks exactly like mail received from
[email protected], and replies to it. The reply will be received by Attacker. In this case
a new entry is created in the address book pointing NAME "[email protected]" to
ADDRESS [email protected].

3. Now, if while composing a new message Target1 directly types the e-mail
address [email protected] instead of Target2, Outlook will compose the address as
"[email protected]" <[email protected]> and the message will be received by Attacker.
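
A defensive check for the header pattern in the scenario above, as an added example that is not part of the original advisory: it flags a display name that shows one address while the real address is another, and a Reply-To address that differs from From. The function names and the example.* sample addresses are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Matches something that looks like an e-mail address inside a display name.
ADDR_IN_NAME = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def _pairs(msg, header):
    """Return lowercase (display_name, address) pairs for one header."""
    values = msg.get_all(header, [])
    return [(n.strip().lower(), a.strip().lower())
            for n, a in getaddresses(values) if a]

def check_headers(raw):
    """Return a list of findings for the header pattern in this advisory."""
    msg = message_from_string(raw)
    findings = []
    from_pairs = _pairs(msg, "From")
    reply_pairs = _pairs(msg, "Reply-To")
    from_addrs = {a for _, a in from_pairs}

    for header, pairs in (("From", from_pairs), ("Reply-To", reply_pairs)):
        for name, addr in pairs:
            embedded = ADDR_IN_NAME.findall(name)
            # Display name shows one address, the real address is another.
            if embedded and addr not in embedded:
                findings.append(f"{header}: display name '{embedded[0]}' "
                                f"hides real address '{addr}'")

    for _, addr in reply_pairs:
        # Replies would go somewhere other than the stated sender.
        if from_addrs and addr not in from_addrs:
            findings.append(f"Reply-To '{addr}' differs from From")
    return findings

# Constructed sample messages (example.* addresses are placeholders).
SPOOFED = (
    'From: "target2@example.com" <attacker@example.net>\n'
    'Reply-To: "target2@example.com" <attacker@example.net>\n'
    'To: Target1 <target1@example.com>\n'
    'Subject: how to catch you on Friday?\n\nbody\n'
)
BENIGN = (
    'From: Target2 <target2@example.com>\n'
    'To: Target1 <target1@example.com>\n'
    'Subject: lunch\n\nbody\n'
)
```

Running `check_headers` at the mail gateway or in a mailbox audit script gives the warning the affected clients did not show before the reply address was stored in the address book.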
|References

Source: XF
Name: outlook-address-book-spoofing(6655)
Link: http://xforce.iss.net/static/6655.php
Source: BID
Name: 2823
Link: http://www.securityfocus.com/bid/2823
Source: BUGTRAQ
Name: 20010605 SECURITY.NNOV: Outlook Express address book spoofing
Link: http://www.securityfocus.com/archive/1/188752
Source: support.microsoft.com
Link: http://support.microsoft.com/default.aspx?scid=kb;EN-US;q234241
