Bugtraq mailing list archives
Re: Outlook 98 allows spoofing internal users
From: toby () PEOPLESEARCH COM AU (Toby Chamberlain)
Date: Wed, 5 May 1999 11:05:03 +1000
Howdy,

I _was_ able to reproduce the exploit to great effect... I created a Perl script to automate the process, passed it on to the office clown and had a great time listening to the varied match-making arrangements he set up.

The problem seems to be that Outlook (in the default setup) hides the address part of the reply-to header when using it to create the value to put in the "To" box of the reply. A reply-to header of "John Smith <jsmith () work com au>" shows up as simply "John Smith" in the "To:" box when you hit reply... but of course so does "John Smith <merry_prankster () work com au>".

The other mail readers I tested it on (Hotmail and Netscape Messenger) showed the reply-to header in full.

Cheers
Toby

Hi Nate,

I was not able to reproduce the exploit that you reported to the bugtraq mailing list. Outlook98 did exactly what I expected: when I open the mail, I see the "From:"-header in the message. When I reply to the email, Outlook takes the "Reply-To:"-address of the header.

Which version of Outlook did you test?

Best Regards,
Sebastian

PS: your "quick script" has a little bug: the header entry should be "Reply-To:" instead of "Reply To:".

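
A mail-filter check for the condition described in this thread, added here as an example and not part of any poster's message: it flags a Reply-To entry whose display name would look the same as the sender in a name-only "To" box while the address behind it differs. The function name, the reason strings and the sample messages (on the placeholder domain work.example) are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr


def reply_to_findings(raw_message):
    """Return (display_name, reply_addr, reason) for each suspicious Reply-To entry."""
    msg = message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    findings = []
    for name, addr in getaddresses(msg.get_all("Reply-To", [])):
        # A Reply-To that matches From exactly redirects nothing.
        if not addr or addr.lower() == from_addr.lower():
            continue
        if name and name.strip().lower() == from_name.strip().lower():
            # A client that shows only the name renders this identically to From.
            findings.append((name, addr, "same display name as From, different address"))
        elif addr.rpartition("@")[2].lower() != from_domain:
            findings.append((name, addr, "Reply-To domain differs from From domain"))
    return findings


# Constructed sample: the reply is redirected behind a familiar display name.
SAMPLE_REDIRECTED = (
    "From: John Smith <jsmith@work.example>\n"
    "Reply-To: John Smith <merry_prankster@work.example>\n"
    "Subject: lunch?\n"
    "\n"
    "See you at noon.\n"
)

# Constructed sample: Reply-To matches From, nothing to report.
SAMPLE_BENIGN = (
    "From: John Smith <jsmith@work.example>\n"
    "Reply-To: John Smith <jsmith@work.example>\n"
    "Subject: lunch?\n"
    "\n"
    "See you at noon.\n"
)

if __name__ == "__main__":
    for label, raw in (("redirected", SAMPLE_REDIRECTED), ("benign", SAMPLE_BENIGN)):
        print(label, reply_to_findings(raw))
```
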
Current thread:
- Re: Outlook 98 allows spoofing internal users Sebastian Schreiber (May 02)
- <Possible follow-ups>
- Re: Outlook 98 allows spoofing internal users Toby Chamberlain (May 04)
- Re: Outlook 98 allows spoofing internal users Russ Johnson (May 06)