Thomas,
> Since the failure of checking certificate chain correctly seems to be
> buried deeper in windows (maybe in some DLL? some info from
> microsoft would be greatly appreciated [...]
The CryptoAPI function CertVerifyCertificateChainPolicy() could be an
interesting starting point. However,
On Tuesday, September 3, 2002, at 09:06 AM, Thomas Seliger wrote:
> Since the failure of checking certificate chain correctly seems to be
> buried deeper in windows (maybe in some DLL? some info from microsoft
> would be greatly appreciated, but their security offensive seems to be
> hot air a
Since the failure of checking certificate chain correctly seems to be
buried deeper in windows (maybe in some DLL? some info from microsoft
would be greatly appreciated, but their security offensive seems to be
hot air anyway), i could imagine more possibilities to exploit it:
* certificates o
here.
Vendor Notification:
- Local representative notified today.
On Mon, 2002-09-02 at 18:37, Mike Benham wrote:
>
> ===
> Outlook S/MIME Vulnerability 09/02/02
> Mike Benham <[EMAIL PROTECTED]>
> h
===
Outlook S/MIME Vulnerability 09/02/02
Mike Benham <[EMAIL PROTECTED]>
http://www.thoughtcrime.org
===
Abstract
Outlook's S/MIME implem
