|
|
Microsoft Outlook 2002 V1 Exchange服务程序安全证书信息泄露
发布时间:2003-01-22
更新时间:2003-01-22
严重程度:中
威胁程度:用户敏感信息泄露
错误类型:设计错误
利用方式:服务器模式
BUGTRAQ ID:6667
CVE(CAN) ID:CAN-2003-0007
受影响系统Microsoft Outlook 2002 SP2
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP3
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows XP Home
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Professional
- Microsoft Windows XP Professional SP1
Microsoft Outlook 2002 SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Microsoft Outlook 2002
+ Microsoft Office XP
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows XP Home
- Microsoft Windows XP Professional 详细描述
Microsoft Outlook 2002是微软开发的邮件代理客户端。
Microsoft Outlook 2002存在多种安全加密机制用于保证邮件的安全,如S/MIME证书,V1 Exchange服务器安全证等。V1 Exchange服务器安全证在进行邮件加密的时候存在漏洞,这个漏洞会使邮件加密失败,以明文方式发送。攻击者就可以通过嗅探获得邮件信息。
测试代码
尚无
解决方案
补丁下载:
Microsoft Outlook 2002:
http://microsoft.com/downloads/details.aspx?FamilyId=F20A2E4B-E458-48F0-B0CB-7E73C0BB4884&displaylang=en
http://www.microsoft.com/office/ork/xp/journ/olk1006a.htm
相关信息
参考:http://www.nsfocus.net/index.php?act=sec_bug&do=view&bug_id=4281&keyword=Microsoft+Outlook+2002
|
