7.5
CWE
NVD-CWE-Other
Advisory Published
Updated

CVE-2008-3068

First published: Mon Jul 07 2008(Updated: )

Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Microsoft FrontPage=2003
Microsoft Sharepoint Designer=2007
Microsoft Office Communicator=2007
Microsoft Access=2007
Microsoft Visio Professional=2007
Microsoft Outlook=2003
Microsoft Project Standard=2007
Microsoft PowerPoint=2003
Microsoft InfoPath=2007
Microsoft InfoPath=2003
Microsoft Visio Standard=2007
Microsoft Windows Live Mail=2008
Microsoft Publisher=2003
Microsoft OneNote=2003
Microsoft Outlook=2007
Microsoft PowerPoint=2007
Microsoft Excel=2007
Microsoft Publisher=2007
Microsoft Excel=2003
Microsoft Project Professional=2007
Microsoft Office=2007-sp1
Microsoft Office=2007
Microsoft Groove=2007

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203