Remote Information Disclosure in Microsoft Crypto API Used in Office and Outlook
CVE-2008-3068

Currently unrated

Key Information:

Vendor

Microsoft
Status
Frontpage
Sharepoint Designer
Office Communicator
Access
Vendor
CVE Published:
7 July 2008

What is CVE-2008-3068?

The Microsoft Crypto API, utilized in Outlook, Windows Live Mail, and Office 2007, is susceptible to a vulnerability that allows remote attackers to exploit Certificate Revocation List (CRL) checks. By using a maliciously crafted certificate containing an Authority Information Access (AIA) extension, attackers can obtain sensitive information such as reading times, IP addresses of email recipients, and results of port scans. This highlights significant security concerns surrounding the handling of S/MIME email messages and digitally signed documents.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt
x_refsource_MISC
http://securityreason.com/securityalert/3978
third-party-advisoryx_refsource_SREASON
http://www.securityfocus.com/archive/1/494101/100/0/threaded
mailing-listx_refsource_BUGTRAQ

EPSS Score

12% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.