CVE-2008-3068

Currently unrated

Key Information:

Vendor
Microsoft
Status
Frontpage
Sharepoint Designer
Office Communicator
Access
Vendor
CVE Published:
7 July 2008

Summary

Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.

References

https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt
x_refsource_MISC
http://securityreason.com/securityalert/3978
third-party-advisoryx_refsource_SREASON
http://www.securityfocus.com/archive/1/494101/100/0/threaded
mailing-listx_refsource_BUGTRAQ

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.