[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Microsoft Outlook Vulnerability: S/MIME Loss of Integrity

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Microsoft Outlook Vulnerability: S/MIME Loss of Integrity
From: Defence in Depth <defenceindepth@xxxxxxxxx>
Date: Sun, 16 Jun 2013 00:51:10 +0930

** Attention script bunnies: This is not an RCE, XSS, etc. Please move
along :) **

Microsoft Outlook (all versions) suffers from an S/MIME loss of integrity
issue.
Outlook does not warn against a digitally signed MIME message whose X509
EmailAddress attribute does not match the mail's "From" address.

Full details:
http://www.defenceindepth.net/2013/06/smime-bucking-phishing-trend.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Microsoft Outlook Vulnerability: S/MIME Loss of Integrity
  - From: Valdis . Kletnieks

Prev by Date: [Full-disclosure] Various vulnerabilities on dreamhack related sites
Next by Date: [Full-disclosure] DoS vulnerability in Mozilla Firefox and Microsoft Internet Explorer
Previous by thread: [Full-disclosure] Various vulnerabilities on dreamhack related sites
Next by thread: Re: [Full-disclosure] Microsoft Outlook Vulnerability: S/MIME Loss of Integrity
Index(es):
- Date
- Thread