Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2008-07-07 23:41
Updated : 2024-02-04 17:33
NVD link : CVE-2008-3068
Mitre link : CVE-2008-3068
CVE.ORG link : CVE-2008-3068
JSON object : View
Products Affected
microsoft
- project_standard
- office
- office_communicator
- groove
- windows_live_mail
- outlook
- project_professional
- sharepoint_designer
- onenote
- publisher
- visio_standard
- excel
- infopath
- access
- powerpoint
- visio_professional
- frontpage
CWE