Shuriken Pro3 S/MIME signature verification does not verify the From address


Shuriken Pro3 contains a vulnerability in the S/MIME signature verification where the From address is not verified properly.
CVSS Severity

CVSS V2 Severity:
Base Metrics 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products

JustSystems Corporation
  • Shuriken Pro3
  • Shuriken Pro3 /R.2
  • Shuriken Pro3 Corporate Edition
  • Shuriken Pro3 /R.2 [VeriSign Security Mail Set]


A user cannot notice that a message is forged when it is signed with a proper digital signature and the From address is forged, because the software does not alert the user that the message is forged.
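The missing check, as an added example (not JustSystems code): after the signature itself has verified, compare the From header with the e-mail addresses bound to the signer certificate. The function name `check_from_against_signer` is hypothetical, and the signer addresses are assumed to have been extracted from the certificate by the S/MIME library; the sample messages are constructed.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample messages (headers only matter for this check).
SINGLE_FROM = "From: Alice <Alice@Example.com>\nSubject: report\n\nbody\n"
DOUBLE_FROM = "From: alice@example.com\nFrom: mallory@example.net\n\nbody\n"


def normalize(addr):
    """Lower-case for comparison (assumption: addresses match case-insensitively)."""
    return addr.strip().lower()


def check_from_against_signer(raw_message, signer_emails):
    """Return (ok, reason) for a message whose signature already verified.

    signer_emails: addresses taken from the verified signer certificate
    (assumed input; certificate parsing is out of scope here).
    """
    msg = message_from_string(raw_message)
    from_headers = msg.get_all("From", [])
    # Duplicate From headers let a client display one and check another.
    if len(from_headers) != 1:
        return False, "expected exactly one From header"
    addrs = [addr for _name, addr in getaddresses(from_headers) if addr]
    if len(addrs) != 1:
        return False, "expected exactly one From address"
    signer = {normalize(e) for e in signer_emails if e.strip()}
    if not signer:
        return False, "signer certificate carries no e-mail address"
    if normalize(addrs[0]) not in signer:
        # Valid signature, but made by someone other than the stated sender:
        # the case the advisory describes. The client must warn the user.
        return False, "From %s is not the signer %s" % (addrs[0], sorted(signer))
    return True, "From address matches signer certificate"


if __name__ == "__main__":
    for signer in (["alice@example.com"], ["mallory@example.net"]):
        print(signer, check_from_against_signer(SINGLE_FROM, signer))
    print(check_from_against_signer(DOUBLE_FROM, ["alice@example.com"]))
```

A mail client would surface the `False` result as a visible warning next to the signature status rather than showing the message as validly signed.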

Vendor Information

JustSystems Corporation
CWE

CVE


  1. JVN : JVN#B410A83F
Revision History

  • [2008/05/21]
      Web page published