Reported January 22, 2003, by Microsoft.

VERSIONS AFFECTED

· Microsoft Outlook 2002

DESCRIPTION

A vulnerability in Outlook 2002 can result in information disclosure. This vulnerability stems from a flaw in the way Outlook 2002 uses a V1 Exchange Server Security certificate to encrypt email. As a result of this flaw, Outlook fails to correctly encrypt the mail and sends the message in plain text. Information in the message is therefore exposed.

VENDOR RESPONSE

Microsoft has released Security Bulletin MS03-003, "Flaw in How Outlook 2002 handles V1 Exchange Server Security Certificates could Lead to Information Disclosure (812262)," to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin.

CREDIT

Discovered by Microsoft.