In SecurityFocus’ Bugtraq, Mike Benham reports on how Microsoft Outlook is also vulnerable to the certificate chain spoofing attack he identified earlier.
Outlook’s S/MIME implementation is vulnerable to the certificate chain
spoofing attack, despite Microsoft’s claim that IE is the only affected
application. The vulnerability allows anyone to forge the digital
signature on an email that is to be viewed with Outlook. No warnings are
given, no dialogs are shown.