Hundreds of potentially affected vendors are rushing to create patches for a security vulnerability in the S/MIME...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
protocol that may permit a denial of service.
Originally, e-mail consisted entirely of text. The MIME (multipurpose Internet mail extensions) protocol was devised to allow non-text items (graphics, sound, binary objects) to be represented as text and sent via e-mail. The S/MIME (secure multipurpose Internet mail extensions) addition enables this exchange to be done securely, and is commonly used for digital signatures and encrypted e-mail.
The problem is that the secure portion of an e-mail attachment is encoded with ASN.1 (Abstract Syntax Notation One). A remote attacker could use an exceptional ASN.1 element that the S/MIME implementation might not be able to handle. This could cause a denial-of-service. There is also a small possibility that a buffer overflow could be exploited to execute arbitrary code.
Since S/MIME is implemented differently by different vendors, each vendor must test their implementation, and provide their own patch if vulnerable.