CVE Vulnerabilities

CVE-2008-3068

Published: Jul 07, 2008 | Modified: Oct 11, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.

Affected Software

Name Vendor Start Version End Version
Access Microsoft 2007 2007
Excel Microsoft 2003 2003
Excel Microsoft 2007 2007
Frontpage Microsoft 2003 2003
Groove Microsoft 2007 2007
Infopath Microsoft 2003 2003
Infopath Microsoft 2007 2007
Office Microsoft 2007 2007
Office Microsoft 2007 2007
Office_communicator Microsoft 2007 2007
Onenote Microsoft 2003 2003
Outlook Microsoft 2003 2003
Outlook Microsoft 2007 2007
Powerpoint Microsoft 2003 2003
Powerpoint Microsoft 2007 2007
Project_professional Microsoft 2007 2007
Project_standard Microsoft 2007 2007
Publisher Microsoft 2003 2003
Publisher Microsoft 2007 2007
Sharepoint_designer Microsoft 2007 2007
Visio_professional Microsoft 2007 2007
Visio_standard Microsoft 2007 2007
Windows_live_mail Microsoft 2008 2008

References