Microsoft Crypto API X.509 Certificate Validation Remote Information Disclosure Vulnerability

The following Office document will trigger HTTP requests to an external webserver.

The referenced advisories also state that sending a blank email to <smime-http@klink.name> will result in a reply email that is S/MIME-encoded in a manner that also triggers the issue.

Symantec has not validated the safety of the document or email, so users should take appropriate precautions for handling potentially malicious content.


 

Privacy Statement
Copyright 2010, SecurityFocus