Re: **maillist:: Outlook S/MIME Vulnerability

From: Torbjörn Hovmark (torbjorn.hovmark@abtrusion.com)
Date: 09/04/02


From: Torbjörn Hovmark <torbjorn.hovmark@abtrusion.com>
To: "Thomas Seliger" <SQEHXLLBQUJX@spammotel.com>, <bugtraq@securityfocus.com>
Date: Wed, 4 Sep 2002 16:18:01 +0200

Thomas,

> Since the failure of checking certificate chain correctly seems to be
> buried deeper in windows (maybe in some DLL? some info from
> microsoft would be greatly appreciated [...]

The CryptoAPI function CertVerifyCertificateChainPolicy() could be an
interesting starting point. However, I get the feeling it is more a matter
of similar errors being made by different people in different development
teams.

Best regards,

Torbjörn Hovmark

______________________________________
Abtrusion Security AB
http://www.abtrusion.com