Microsoft Outlook information leak (callback)

2008-07-05T00:00:00
ID SECURITYVULNS:VULN:9132
Type securityvulns
Reporter BUGTRAQ
Modified 2008-07-05T00:00:00

Description

By setting CA certificate URL field in certificate used for message signing, it's possible to force Outlook to issue HTTP request without user intervation.