Release date:
Updated on: 2013-06-20
Affected Systems:
Microsoft Outlook
Description:
--------------------------------------------------------------------------------
Bugtraq id: 60591
Microsoft Outlook is the mail client bound to the Office suite.
All Microsoft Outlook versions have incomplete S/MIME content. Outlook does not issue a warning when the X509 EmailAddress attribute does not match the "From" address's digital signature MIME mail. Attackers can exploit this vulnerability to initiate phishing attacks.
<* Source: Patrick Dunstan
Link: http://seclists.org/fulldisclosure/2013/Jun/138
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Microsoft
---------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://technet.microsoft.com/security/bulletin/