Vigil@nce - Microsoft Outlook: information disclosure via S/MIME
November 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send a S/MIME message, and invite a Microsoft
Outlook user to open it, in order to obtain sensitive information.
Impacted products: Office, Outlook
Severity: 2/4
Creation date: 12/11/2013
Revision date: 13/11/2013
DESCRIPTION OF THE VULNERABILITY
The S/MIME format is used to sign and encrypt emails.
The X.509 id-ad-caIssuers extension (RFC 5280 : Authority
Information Access) indicates the url of a site where to obtain
information about the certificate creator.
The CryptoAPI library of Windows connects to this url (IP address
and port defined in the certificate). An attacker can therefore
alternate urls on his site and local urls. The duration measure
between two connexions on the attacker’s site can be used to
detect if the local url was reachable. An attacker can thus obtain
the IP address and the list of open ports on the computer and its
neighbor.
An attacker can therefore send a S/MIME message, and invite a
Microsoft Outlook user to open it, in order to obtain sensitive
information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Microsoft-Outlook-information-disclosure-via-S-MIME-13769