Mike Benham: Microsoft Outlook S/MIME vulnerability

In SecurityFocus’ Bugtraq, Mike Benham reports on how Microsoft Outlook is also vulnerable to the certificate chain spoofing attack he identified earlier.

Outlook’s S/MIME implementation is vulnerable to the certificate chain
spoofing attack
, despite Microsoft’s claim that IE is the only affected
application. The vulnerability allows anyone to forge the digital
signature on an email that is to be viewed with Outlook. No warnings are
given, no dialogs are shown.

Microsoft responded to the earlier vulnerability. William Crawford has posted a comment.

This site uses Akismet to reduce spam. Learn how your comment data is processed.