CVE-2008-3068

NONECVSS 0.0

0.0

Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.

🔗 References (28)

cve@mitrehttp://securityreason.com/securityalert/3978
cve@mitrehttp://www.securityfocus.com/archive/1/493947/100/0/threaded
cve@mitrehttp://www.securityfocus.com/archive/1/494101/100/0/threaded
cve@mitrehttp://www.securityfocus.com/bid/28548
cve@mitrehttp://www.securitytracker.com/id?1019736
cve@mitrehttp://www.securitytracker.com/id?1019737
cve@mitrehttp://www.securitytracker.com/id?1019738
cve@mitrehttps://www.cynops.de/advisories/AKLINK-SA-2008-002.txt
cve@mitrehttps://www.cynops.de/advisories/AKLINK-SA-2008-003.txt
cve@mitrehttps://www.cynops.de/advisories/AKLINK-SA-2008-004.txt
cve@mitrehttps://www.cynops.de/techzone/http_over_x509.html
cve@mitrehttps://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt
cve@mitrehttps://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt
cve@mitrehttps://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/3978

Is Your Infrastructure Affected by CVE-2008-3068?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2008-3068

📅 Published

🔄 Last Modified

🔗 References (28)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2008-3068?