CVE-2008-3068
Low
Low
Medium
High
Critical
CVSS Score
Vulnerability Description
Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.
Known Affected Software
22 configuration(s) from 1 vendor(s)
excel
Version:
2007
CPE:
cpe:2.3:a:microsoft:excel:2007:-:*:*:*:*:*:*
access
Version:
2007
CPE:
cpe:2.3:a:microsoft:access:2007:sp3:*:*:*:*:*:*
windows_live_mail
Version:
2008
CPE:
cpe:2.3:a:microsoft:windows_live_mail:2008:*:*:*:*:*:*:*
excel
Version:
2003
CPE:
cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*
infopath
Version:
2007
CPE:
cpe:2.3:a:microsoft:infopath:2007:sp3:*:*:*:*:*:*
office
Version:
2007
CPE:
cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*
powerpoint
Version:
2003
CPE:
cpe:2.3:a:microsoft:powerpoint:2003:sp1:*:*:*:*:*:*
outlook
Version:
2007
CPE:
cpe:2.3:a:microsoft:outlook:2007:sp3:*:*:*:*:*:*
sharepoint_designer
Version:
2007
CPE:
cpe:2.3:a:microsoft:sharepoint_designer:2007:sp3:*:*:*:*:*:*
visio_standard
Version:
2007
CPE:
cpe:2.3:a:microsoft:visio_standard:2007:*:*:*:*:*:*:*
publisher
Version:
2003
CPE:
cpe:2.3:a:microsoft:publisher:2003:sp3:*:*:*:*:*:*
powerpoint
Version:
2007
CPE:
cpe:2.3:a:microsoft:powerpoint:2007:sp3:*:*:*:*:*:*
onenote
Version:
2003
CPE:
cpe:2.3:a:microsoft:onenote:2003:*:*:*:*:*:*:*
visio_professional
Version:
2007
CPE:
cpe:2.3:a:microsoft:visio_professional:2007:*:*:*:*:*:*:*
project_standard
Version:
2007
CPE:
cpe:2.3:a:microsoft:project_standard:2007:*:*:*:*:*:*:*
frontpage
Version:
2003
CPE:
cpe:2.3:a:microsoft:frontpage:2003:sp3:*:*:*:*:*:*
groove
Version:
2007
CPE:
cpe:2.3:a:microsoft:groove:2007:*:*:*:*:*:*:*
office_communicator
Version:
2007
CPE:
cpe:2.3:a:microsoft:office_communicator:2007:r2:*:*:*:*:*:*
project_professional
Version:
2007
CPE:
cpe:2.3:a:microsoft:project_professional:2007:*:*:*:*:*:*:*
infopath
Version:
2003
CPE:
cpe:2.3:a:microsoft:infopath:2003:*:*:*:*:*:*:*
publisher
Version:
2007
CPE:
cpe:2.3:a:microsoft:publisher:2007:sp3:*:*:*:*:*:*
outlook
Version:
2003
CPE:
cpe:2.3:a:microsoft:outlook:2003:sp3:*:*:*:*:*:*
This vulnerability affects 22 software configuration(s). Ensure you patch all affected systems.
References & Resources
-
http://securityreason.com/securityalert/3978cve@mitre.org
-
http://www.securityfocus.com/archive/1/493947/100/0/threadedcve@mitre.org
-
http://www.securityfocus.com/archive/1/494101/100/0/threadedcve@mitre.org
-
http://www.securityfocus.com/bid/28548cve@mitre.org
-
http://www.securitytracker.com/id?1019736cve@mitre.org
-
http://www.securitytracker.com/id?1019737cve@mitre.org
-
http://www.securitytracker.com/id?1019738cve@mitre.org
-
https://www.cynops.de/advisories/AKLINK-SA-2008-002.txtcve@mitre.org
-
https://www.cynops.de/advisories/AKLINK-SA-2008-003.txtcve@mitre.org
-
https://www.cynops.de/advisories/AKLINK-SA-2008-004.txtcve@mitre.org
-
https://www.cynops.de/techzone/http_over_x509.htmlcve@mitre.org
-
https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txtcve@mitre.org
-
https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txtcve@mitre.org
-
https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txtcve@mitre.org
-
http://securityreason.com/securityalert/3978af854a3a-2127-422b-91ae-364da2661108
-
http://www.securityfocus.com/archive/1/493947/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
-
http://www.securityfocus.com/archive/1/494101/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
-
http://www.securityfocus.com/bid/28548af854a3a-2127-422b-91ae-364da2661108
-
http://www.securitytracker.com/id?1019736af854a3a-2127-422b-91ae-364da2661108
-
http://www.securitytracker.com/id?1019737af854a3a-2127-422b-91ae-364da2661108
-
http://www.securitytracker.com/id?1019738af854a3a-2127-422b-91ae-364da2661108
-
https://www.cynops.de/advisories/AKLINK-SA-2008-002.txtaf854a3a-2127-422b-91ae-364da2661108
-
https://www.cynops.de/advisories/AKLINK-SA-2008-003.txtaf854a3a-2127-422b-91ae-364da2661108
-
https://www.cynops.de/advisories/AKLINK-SA-2008-004.txtaf854a3a-2127-422b-91ae-364da2661108
-
https://www.cynops.de/techzone/http_over_x509.htmlaf854a3a-2127-422b-91ae-364da2661108
-
https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txtaf854a3a-2127-422b-91ae-364da2661108
-
https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txtaf854a3a-2127-422b-91ae-364da2661108
-
https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txtaf854a3a-2127-422b-91ae-364da2661108
Severity Details
out of 10.0
Low
Key Information
- Published Date
- July 07, 2008
