Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P
Vendors Products
Microsoft
  • Windows Live Mail
  • Frontpage
  • Access
  • Office Communicator
  • Project Professional
  • Groove
  • Visio Professional
  • Infopath
  • Outlook
  • Powerpoint
  • Onenote
  • Office
  • Project Standard
  • Sharepoint Designer
  • Visio Standard
  • Publisher
  • Excel

Configuration 1 [-]

OR cpe:2.3:a:microsoft:access:2007:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel:2003:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel:2007:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:frontpage:2003:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:groove:2007:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:infopath:2003:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:infopath:2007:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2007:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_communicator:2007:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:onenote:2003:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:outlook:2003:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:outlook:2007:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:powerpoint:2003:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:powerpoint:2007:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:project_professional:2007:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:project_standard:2007:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:publisher:2003:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:publisher:2007:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_designer:2007:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:visio_professional:2007:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:visio_standard:2007:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:windows_live_mail:2008:*:*:*:*:*:*:*
References
Link Resource
http://securityreason.com/securityalert/3978
http://www.securityfocus.com/archive/1/493947/100/0/threaded
http://www.securityfocus.com/archive/1/494101/100/0/threaded
http://www.securityfocus.com/bid/28548
http://www.securitytracker.com/id?1019736
http://www.securitytracker.com/id?1019737
http://www.securitytracker.com/id?1019738
https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt
https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt
https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt
https://www.cynops.de/techzone/http_over_x509.html
https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt
https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt
https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2008-07-07T23:00:00

Updated: 2018-10-11T19:57:01

Reserved: 2008-07-07T00:00:00

Link: CVE-2008-3068

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2008-07-07T23:41:00.000

Modified: 2018-10-11T20:45:52.827

Link: CVE-2008-3068

JSON object: View

cve-icon Redhat Information

No data.

CWE