An interesting flaw. Quite some time ago (years?) we had an AO thread discussing how a digital sig could be hijacked. That particular expolit as I recall was unveiled by a very smart lady in the Balkans (as I recalll, but maybe EU somewhere). Was fairly complicated and the perp had to really target the sig and have a few resources, but it could be done. Don't think that one was ever fixed either. Actually, that one just diverted a copy of the original to the perp. Kind of useful if you work on the -5 level at a certain place, but impractical probably anywhere else.
This present report, however, is rather interesting in view of the fact that many states are coding laws to accept eMails with Digital Signatures as a valid contract. Just did a real estate one myself not too long ago, however it was just in verification of a prior telcon agreement so any changes would have been obvious and foiled by the prior recording.
Maybe will avoid using MS OE for digital signature messagess until we hear more on the problem. Your examples are interesting. But I am not sure exactly *where* the message hacking would take place at, or exactly what effect it would have in the real world.