• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Outlook 2002 V1 Exchange Server Security Certificate Information Leakage Vulnerability

There is a flaw in the Microsoft Outlook 2002 implementation of message encryption using V1 Exchange Server Security certificates. When configured to use this method, Outlook 2002 fails to correctly encrypt messages. As a result, messages are transferred in plaintext, visible to network eavesdroppers. Furthermore, the user may assume that the message was successfully encrypted.

This issue is reported to occur when Outlook 2002 is used to send HTML e-mail using the certificate.

It should also be noted that the implementation of digital signatures using V1 Exchange Server Security is not affected.