Microsoft Multiple Email Client


#1 Aditya



Posted 09 May 2005 - 07:11 AM

iDEFENSE Security Advisory

Microsoft Outlook provides an integrated solution for managing and
organizing e-mail messages, schedules, tasks, notes, contacts, and
information. More information is available at



Remote exploitation of an address spoofing vulnerability in various
Microsoft Corp. e-mail clients could allow attackers to social engineer
sensitive information from end users.

Microsoft Outlook and Microsoft Outlook Web Access (OWA) are widely
deployed collaboration clients in corporate networks. The vulnerability
specifically exists in message header parsing and allows an attacker to
spoof the "From" field that is displayed on the user's screen. Within
the SMTP header, when the From field contains multiple comma-separated
addresses, Outlook and OWA will only display the first address.
the following example header:

From: support@your.company, Phisher <phisher@attackers.domain>

Outlook and OWA will only display the address "support@your.company" as
the sender address.


While server-side e-mail spoofing is a known matter, this issue is
relevant as it exists within the client. Consider the following
A corporate SMTP server is configured to drop all mail received from
external network claiming to be from an internal address. By exploiting
this issue, an attacker can bypass the imposed restrictions and
a message that appears to come from an internal user. This attack,
combined with social engineering, could potentially lead to further


Microsoft Outlook as distributed with Office XP and 2003 as well as
Outlook Web Access as distributed with Exchange 2003 have been
as vulnerable. Prior versions are suspected to be affected as well.

Microsoft Outlook Express is not affected by this issue.
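As an added illustration, not part of the advisory or of this post: a gateway-side check that parses every mailbox in the From header rather than only the first address the affected clients render, and rejects external mail that carries more than one From mailbox or any mailbox in the internal domain. The sample messages and the domain your.company are constructed for this example.

```python
import email
from email.utils import getaddresses

# Constructed sample messages (not taken from the advisory) that exercise the check.
SPOOFED = (
    b"From: support@your.company, Phisher <phisher@attackers.domain>\r\n"
    b"To: user@your.company\r\n"
    b"Subject: Password reset\r\n\r\n"
    b"Please reply with your password.\r\n"
)
LEGIT = (
    b"From: Partner <partner@example.net>\r\n"
    b"To: user@your.company\r\n"
    b"Subject: Hello\r\n\r\nHi.\r\n"
)


def from_mailboxes(raw):
    """Every address found in the From header(s), lower-cased, in header order."""
    msg = email.message_from_bytes(raw)
    pairs = getaddresses(msg.get_all("From", []))
    return [addr.lower() for _name, addr in pairs if addr]


def displayed_sender(raw):
    """Only the first mailbox, which is what the affected clients show the user."""
    boxes = from_mailboxes(raw)
    return boxes[0] if boxes else None


def classify_external(raw, internal_domain):
    """Verdict for a message that arrived from the external network.

    Matching on the whole header string, or on a single address, is what lets a
    multi-address From slip past an internal-sender rule; checking each mailbox
    and refusing more than one closes that gap.
    """
    boxes = from_mailboxes(raw)
    if not boxes:
        return "reject: no From address"
    if len(boxes) > 1:
        return "reject: multiple From mailboxes"
    if boxes[0].endswith("@" + internal_domain.lower()):
        return "reject: external mail claims internal sender"
    return "accept"
```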

