First published: Mon Jul 07 2008(Updated: )
Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft FrontPage | =2003 | |
Microsoft Sharepoint Designer | =2007 | |
Microsoft Office Communicator | =2007 | |
Microsoft Access | =2007 | |
Microsoft Visio Professional | =2007 | |
Microsoft Outlook | =2003 | |
Microsoft Project Standard | =2007 | |
Microsoft PowerPoint | =2003 | |
Microsoft InfoPath | =2007 | |
Microsoft InfoPath | =2003 | |
Microsoft Visio Standard | =2007 | |
Microsoft Windows Live Mail | =2008 | |
Microsoft Publisher | =2003 | |
Microsoft OneNote | =2003 | |
Microsoft Outlook | =2007 | |
Microsoft PowerPoint | =2007 | |
Microsoft Excel | =2007 | |
Microsoft Publisher | =2007 | |
Microsoft Excel | =2003 | |
Microsoft Project Professional | =2007 | |
Microsoft Office | =2007-sp1 | |
Microsoft Office | =2007 | |
Microsoft Groove | =2007 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.