CVE-2008-3068
Summary
| CVE | CVE-2008-3068 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2008-07-07 23:41:00 UTC |
| Updated | 2018-10-11 20:45:00 UTC |
| Description | Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Microsoft | Access | 2007 | All | All | All |
| Application | Microsoft | Access | 2007 | All | All | All |
| Application | Microsoft | Excel | 2003 | All | All | All |
| Application | Microsoft | Excel | 2007 | All | All | All |
| Application | Microsoft | Excel | 2003 | All | All | All |
| Application | Microsoft | Excel | 2007 | All | All | All |
| Application | Microsoft | Frontpage | 2003 | All | All | All |
| Application | Microsoft | Frontpage | 2003 | All | All | All |
| Application | Microsoft | Groove | 2007 | All | All | All |
| Application | Microsoft | Groove | 2007 | All | All | All |
| Application | Microsoft | Infopath | 2003 | All | All | All |
| Application | Microsoft | Infopath | 2007 | All | All | All |
| Application | Microsoft | Infopath | 2003 | All | All | All |
| Application | Microsoft | Infopath | 2007 | All | All | All |
| Application | Microsoft | Office | 2007 | All | All | All |
| Application | Microsoft | Office | 2007 | sp1 | All | All |
| Application | Microsoft | Office | 2007 | All | All | All |
| Application | Microsoft | Office | 2007 | sp1 | All | All |
| Application | Microsoft | Office Communicator | 2007 | All | All | All |
| Application | Microsoft | Office Communicator | 2007 | All | All | All |
| Application | Microsoft | Onenote | 2003 | All | All | All |
| Application | Microsoft | Onenote | 2003 | All | All | All |
| Application | Microsoft | Outlook | 2003 | All | All | All |
| Application | Microsoft | Outlook | 2007 | All | All | All |
| Application | Microsoft | Outlook | 2003 | All | All | All |
| Application | Microsoft | Outlook | 2007 | All | All | All |
| Application | Microsoft | Powerpoint | 2003 | All | All | All |
| Application | Microsoft | Powerpoint | 2007 | All | All | All |
| Application | Microsoft | Powerpoint | 2003 | All | All | All |
| Application | Microsoft | Powerpoint | 2007 | All | All | All |
| Application | Microsoft | Project Professional | 2007 | All | All | All |
| Application | Microsoft | Project Professional | 2007 | All | All | All |
| Application | Microsoft | Project Standard | 2007 | All | All | All |
| Application | Microsoft | Project Standard | 2007 | All | All | All |
| Application | Microsoft | Publisher | 2003 | All | All | All |
| Application | Microsoft | Publisher | 2007 | All | All | All |
| Application | Microsoft | Publisher | 2003 | All | All | All |
| Application | Microsoft | Publisher | 2007 | All | All | All |
| Application | Microsoft | Sharepoint Designer | 2007 | All | All | All |
| Application | Microsoft | Sharepoint Designer | 2007 | All | All | All |
| Application | Microsoft | Visio Professional | 2007 | All | All | All |
| Application | Microsoft | Visio Professional | 2007 | All | All | All |
| Application | Microsoft | Visio Standard | 2007 | All | All | All |
| Application | Microsoft | Visio Standard | 2007 | All | All | All |
| Application | Microsoft | Windows Live Mail | 2008 | All | All | All |
| Application | Microsoft | Windows Live Mail | 2008 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CXSecurity - IDS | SREASON | securityreason.com | |
| www.cynops.de/advisories/AKLINK-SA-2008-004.txt | MISC | www.cynops.de | |
| www.cynops.de/techzone/http_over_x509.html | MISC | www.cynops.de | |
| www.cynops.de/advisories/AKLINK-SA-2008-003.txt | MISC | www.cynops.de | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| Microsoft Crypto API X.509 Certificate Validation Remote Information Disclosure Vulnerability | BID | www.securityfocus.com | |
| Windows Live Mail S/MIME Processing Lets Remote Users Access Arbitrary URLs - SecurityTracker | SECTRACK | www.securitytracker.com | |
| 404 Not Found | MISC | www.klink.name | |
| Microsoft Outlook S/MIME Processing Lets Remote Users Access Arbitrary URLs - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Microsoft Office S/MIME Processing Lets Remote Users Access Arbitrary URLs - SecurityTracker | SECTRACK | www.securitytracker.com | |
| 404 Not Found | MISC | www.klink.name | |
| 404 Not Found | MISC | www.klink.name | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| www.cynops.de/advisories/AKLINK-SA-2008-002.txt | MISC | www.cynops.de | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.