CVE-2008-3068

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2008-3068
Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://securityreason.com/securityalert/3978
http://www.securityfocus.com/archive/1/493947/100/0/threaded
http://www.securityfocus.com/archive/1/494101/100/0/threaded
http://www.securityfocus.com/bid/28548
http://www.securitytracker.com/id?1019736
http://www.securitytracker.com/id?1019737
http://www.securitytracker.com/id?1019738
https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt
https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt
https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt
https://www.cynops.de/techzone/http_over_x509.html
https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt
https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt
https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt
http://securityreason.com/securityalert/3978
http://www.securityfocus.com/archive/1/493947/100/0/threaded
http://www.securityfocus.com/archive/1/494101/100/0/threaded
http://www.securityfocus.com/bid/28548
http://www.securitytracker.com/id?1019736
http://www.securitytracker.com/id?1019737
http://www.securitytracker.com/id?1019738
https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt
https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt
https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt
https://www.cynops.de/techzone/http_over_x509.html
https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt
https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt
https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:microsoft:access:2007:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel:2003:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel:2007:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:frontpage:2003:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:groove:2007:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:infopath:2003:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:infopath:2007:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2007:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_communicator:2007:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:onenote:2003:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:outlook:2003:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:outlook:2007:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:powerpoint:2003:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:powerpoint:2007:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:project_professional:2007:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:project_standard:2007:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:publisher:2003:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:publisher:2007:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_designer:2007:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:visio_professional:2007:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:visio_standard:2007:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:windows_live_mail:2008:*:*:*:*:*:*:*
History

21 Nov 2024, 00:48

Type Values Removed Values Added
References () http://securityreason.com/securityalert/3978 - () http://securityreason.com/securityalert/3978 -
References () http://www.securityfocus.com/archive/1/493947/100/0/threaded - () http://www.securityfocus.com/archive/1/493947/100/0/threaded -
References () http://www.securityfocus.com/archive/1/494101/100/0/threaded - () http://www.securityfocus.com/archive/1/494101/100/0/threaded -
References () http://www.securityfocus.com/bid/28548 - () http://www.securityfocus.com/bid/28548 -
References () http://www.securitytracker.com/id?1019736 - () http://www.securitytracker.com/id?1019736 -
References () http://www.securitytracker.com/id?1019737 - () http://www.securitytracker.com/id?1019737 -
References () http://www.securitytracker.com/id?1019738 - () http://www.securitytracker.com/id?1019738 -
References () https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt - () https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt -
References () https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt - () https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt -
References () https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt - () https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt -
References () https://www.cynops.de/techzone/http_over_x509.html - () https://www.cynops.de/techzone/http_over_x509.html -
References () https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt - () https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt -
References () https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt - () https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt -
References () https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt - () https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt -
Information

Published : 2008-07-07 23:41

Updated : 2024-11-21 00:48

NVD link : CVE-2008-3068

Mitre link : CVE-2008-3068

CVE.ORG link : CVE-2008-3068

JSON object : View

Products Affected

microsoft

  • office_communicator
  • onenote
  • sharepoint_designer
  • windows_live_mail
  • groove
  • visio_professional
  • publisher
  • powerpoint
  • outlook
  • project_professional
  • infopath
  • excel
  • frontpage
  • project_standard
  • access
  • visio_standard
  • office
CWE
NVD-CWE-Other

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024