CVE-2008-3068
Severity Score
7.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.
Microsoft Crypto API 5.131.2600.2180 hasta la 6.0, como las usadas en Outlook, Windows Live Mail, y Office 2007, realiza una lista de revocación de certificado (CRL) utilizando una URL arbitraria de un certificado incluido en (1) mensaje de correo electrónico S/MIME o (2) documento firmado, lo que permite a atacantes remotos conseguir tiempos de lectura y direcciones IP de recipientes, y resultados de escaneo de puerto, a través de
un certificado manipulado con una extensión de de una Authority Information Access (AIA).
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-07-07 CVE Reserved
- 2008-07-07 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-19 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (14)
| URL | Tag | Source |
|---|---|---|
| http://securityreason.com/securityalert/3978 | Third Party Advisory | |
| http://www.securityfocus.com/archive/1/493947/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/494101/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/28548 | Vdb Entry | |
| http://www.securitytracker.com/id?1019736 | Vdb Entry | |
| http://www.securitytracker.com/id?1019737 | Vdb Entry | |
| http://www.securitytracker.com/id?1019738 | Vdb Entry | |
| https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt | X_refsource_misc | |
| https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt | X_refsource_misc | |
| https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt | X_refsource_misc | |
| https://www.cynops.de/techzone/http_over_x509.html | X_refsource_misc | |
| https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt | X_refsource_misc | |
| https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt | X_refsource_misc | |
| https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt | X_refsource_misc |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Access Search vendor "Microsoft" for product "Access" | 2007 Search vendor "Microsoft" for product "Access" and version "2007" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Excel Search vendor "Microsoft" for product "Excel" | 2003 Search vendor "Microsoft" for product "Excel" and version "2003" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Excel Search vendor "Microsoft" for product "Excel" | 2007 Search vendor "Microsoft" for product "Excel" and version "2007" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Frontpage Search vendor "Microsoft" for product "Frontpage" | 2003 Search vendor "Microsoft" for product "Frontpage" and version "2003" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Groove Search vendor "Microsoft" for product "Groove" | 2007 Search vendor "Microsoft" for product "Groove" and version "2007" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Infopath Search vendor "Microsoft" for product "Infopath" | 2003 Search vendor "Microsoft" for product "Infopath" and version "2003" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Infopath Search vendor "Microsoft" for product "Infopath" | 2007 Search vendor "Microsoft" for product "Infopath" and version "2007" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2007 Search vendor "Microsoft" for product "Office" and version "2007" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2007 Search vendor "Microsoft" for product "Office" and version "2007" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Communicator Search vendor "Microsoft" for product "Office Communicator" | 2007 Search vendor "Microsoft" for product "Office Communicator" and version "2007" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Onenote Search vendor "Microsoft" for product "Onenote" | 2003 Search vendor "Microsoft" for product "Onenote" and version "2003" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Outlook Search vendor "Microsoft" for product "Outlook" | 2003 Search vendor "Microsoft" for product "Outlook" and version "2003" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Outlook Search vendor "Microsoft" for product "Outlook" | 2007 Search vendor "Microsoft" for product "Outlook" and version "2007" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Powerpoint Search vendor "Microsoft" for product "Powerpoint" | 2003 Search vendor "Microsoft" for product "Powerpoint" and version "2003" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Powerpoint Search vendor "Microsoft" for product "Powerpoint" | 2007 Search vendor "Microsoft" for product "Powerpoint" and version "2007" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Project Professional Search vendor "Microsoft" for product "Project Professional" | 2007 Search vendor "Microsoft" for product "Project Professional" and version "2007" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Project Standard Search vendor "Microsoft" for product "Project Standard" | 2007 Search vendor "Microsoft" for product "Project Standard" and version "2007" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Publisher Search vendor "Microsoft" for product "Publisher" | 2003 Search vendor "Microsoft" for product "Publisher" and version "2003" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Publisher Search vendor "Microsoft" for product "Publisher" | 2007 Search vendor "Microsoft" for product "Publisher" and version "2007" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Sharepoint Designer Search vendor "Microsoft" for product "Sharepoint Designer" | 2007 Search vendor "Microsoft" for product "Sharepoint Designer" and version "2007" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visio Professional Search vendor "Microsoft" for product "Visio Professional" | 2007 Search vendor "Microsoft" for product "Visio Professional" and version "2007" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visio Standard Search vendor "Microsoft" for product "Visio Standard" | 2007 Search vendor "Microsoft" for product "Visio Standard" and version "2007" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Live Mail Search vendor "Microsoft" for product "Windows Live Mail" | 2008 Search vendor "Microsoft" for product "Windows Live Mail" and version "2008" | - |
Affected
| ||||||