CVE-2008-3068 - Vulnerability Details

Vendors	Products
Microsoft	Access Excel Frontpage Groove Infopath Office Office Communicator Onenote Outlook Powerpoint Project Professional Project Standard Publisher Sharepoint Designer Visio Professional Visio Standard Windows Live Mail

Link	Providers
http://securityreason.com/securityalert/3978
http://www.securityfocus.com/archive/1/493947/100/0/threaded
http://www.securityfocus.com/archive/1/494101/100/0/threaded
http://www.securityfocus.com/bid/28548
http://www.securitytracker.com/id?1019736
http://www.securitytracker.com/id?1019737
http://www.securitytracker.com/id?1019738
https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt
https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt
https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt
https://www.cynops.de/techzone/http_over_x509.html
https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt
https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt
https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-07-03T00:00:00", "descriptions": [{"lang": "en", "value": "Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt"}, {"name": "3978", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3978"}, {"name": "20080709 Re: Unauthorized reading confirmation from Outlook", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/494101/100/0/threaded"}, {"name": "28548", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28548"}, {"tags": ["x_refsource_MISC"], "url": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt"}, {"tags": ["x_refsource_MISC"], "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt"}, {"tags": ["x_refsource_MISC"], "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt"}, {"name": "1019736", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019736"}, {"name": "1019738", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019738"}, {"tags": ["x_refsource_MISC"], "url": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt"}, {"tags": ["x_refsource_MISC"], "url": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt"}, {"name": "1019737", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019737"}, {"tags": ["x_refsource_MISC"], "url": "https://www.cynops.de/techzone/http_over_x509.html"}, {"name": "20080703 Unauthorized reading confirmation from Outlook", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/493947/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3068", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt", "refsource": "MISC", "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt"}, {"name": "3978", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3978"}, {"name": "20080709 Re: Unauthorized reading confirmation from Outlook", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/494101/100/0/threaded"}, {"name": "28548", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28548"}, {"name": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt", "refsource": "MISC", "url": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt"}, {"name": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt", "refsource": "MISC", "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt"}, {"name": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt", "refsource": "MISC", "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt"}, {"name": "1019736", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019736"}, {"name": "1019738", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019738"}, {"name": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt", "refsource": "MISC", "url": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt"}, {"name": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt", "refsource": "MISC", "url": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt"}, {"name": "1019737", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019737"}, {"name": "https://www.cynops.de/techzone/http_over_x509.html", "refsource": "MISC", "url": "https://www.cynops.de/techzone/http_over_x509.html"}, {"name": "20080703 Unauthorized reading confirmation from Outlook", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/493947/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T09:21:34.955Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt"}, {"name": "3978", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3978"}, {"name": "20080709 Re: Unauthorized reading confirmation from Outlook", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/494101/100/0/threaded"}, {"name": "28548", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28548"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt"}, {"name": "1019736", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1019736"}, {"name": "1019738", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1019738"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt"}, {"name": "1019737", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1019737"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.cynops.de/techzone/http_over_x509.html"}, {"name": "20080703 Unauthorized reading confirmation from Outlook", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/493947/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3068", "datePublished": "2008-07-07T23:00:00", "dateReserved": "2008-07-07T00:00:00", "dateUpdated": "2024-08-07T09:21:34.955Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2008-07-03T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2018-10-11T19:57:01 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt (string)

}

1 : { »

name : 3978 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SREASON (string)

]

url : http://securityreason.com/securityalert/3978 (string)

}

2 : { »

name : 20080709 Re: Unauthorized reading confirmation from Outlook (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

]

url : http://www.securityfocus.com/archive/1/494101/100/0/threaded (string)

}

3 : { »

name : 28548 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/28548 (string)

}

4 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt (string)

}

5 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt (string)

}

6 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt (string)

}

7 : { »

name : 1019736 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id?1019736 (string)

}

8 : { »

name : 1019738 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id?1019738 (string)

}

9 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt (string)

}

10 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt (string)

}

11 : { »

name : 1019737 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id?1019737 (string)

}

12 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.cynops.de/techzone/http_over_x509.html (string)

}

13 : { »

name : 20080703 Unauthorized reading confirmation from Outlook (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

]

url : http://www.securityfocus.com/archive/1/493947/100/0/threaded (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2008-3068 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt (string)

refsource : MISC (string)

url : https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt (string)

}

1 : { »

name : 3978 (string)

refsource : SREASON (string)

url : http://securityreason.com/securityalert/3978 (string)

}

2 : { »

name : 20080709 Re: Unauthorized reading confirmation from Outlook (string)

refsource : BUGTRAQ (string)

url : http://www.securityfocus.com/archive/1/494101/100/0/threaded (string)

}

3 : { »

name : 28548 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/28548 (string)

}

4 : { »

name : https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt (string)

refsource : MISC (string)

url : https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt (string)

}

5 : { »

name : https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt (string)

refsource : MISC (string)

url : https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt (string)

}

6 : { »

name : https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt (string)

refsource : MISC (string)

url : https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt (string)

}

7 : { »

name : 1019736 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id?1019736 (string)

}

8 : { »

name : 1019738 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id?1019738 (string)

}

9 : { »

name : https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt (string)

refsource : MISC (string)

url : https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt (string)

}

10 : { »

name : https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt (string)

refsource : MISC (string)

url : https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt (string)

}

11 : { »

name : 1019737 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id?1019737 (string)

}

12 : { »

name : https://www.cynops.de/techzone/http_over_x509.html (string)

refsource : MISC (string)

url : https://www.cynops.de/techzone/http_over_x509.html (string)

}

13 : { »

name : 20080703 Unauthorized reading confirmation from Outlook (string)

refsource : BUGTRAQ (string)

url : http://www.securityfocus.com/archive/1/493947/100/0/threaded (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-07T09:21:34.955Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt (string)

}

1 : { »

name : 3978 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SREASON (string)

2 : x_transferred (string)

]

url : http://securityreason.com/securityalert/3978 (string)

}

2 : { »

name : 20080709 Re: Unauthorized reading confirmation from Outlook (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/archive/1/494101/100/0/threaded (string)

}

3 : { »

name : 28548 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/28548 (string)

}

4 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt (string)

}

5 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt (string)

}

6 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt (string)

}

7 : { »

name : 1019736 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id?1019736 (string)

}

8 : { »

name : 1019738 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id?1019738 (string)

}

9 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt (string)

}

10 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt (string)

}

11 : { »

name : 1019737 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id?1019737 (string)

}

12 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.cynops.de/techzone/http_over_x509.html (string)

}

13 : { »

name : 20080703 Unauthorized reading confirmation from Outlook (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/archive/1/493947/100/0/threaded (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2008-3068 (string)

datePublished : 2008-07-07T23:00:00 (string)

dateReserved : 2008-07-07T00:00:00 (string)

dateUpdated : 2024-08-07T09:21:34.955Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:access:2007:*:*:*:*:*:*:*", "matchCriteriaId": "1B4D3093-F17C-4BCF-8F4A-F15057C55F82", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:excel:2003:*:*:*:*:*:*:*", "matchCriteriaId": "5F79E0AB-7081-4F97-BFE4-9AF84F643B9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:excel:2007:*:*:*:*:*:*:*", "matchCriteriaId": "5A70D659-F648-4870-852A-4E86D1F4B646", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:frontpage:2003:*:*:*:*:*:*:*", "matchCriteriaId": "3C79FEE1-70A3-4A48-BE7B-0D18F0A5FA7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:groove:2007:*:*:*:*:*:*:*", "matchCriteriaId": "355F60DB-EC9A-4054-8023-BD16D5723C9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:infopath:2003:*:*:*:*:*:*:*", "matchCriteriaId": "345BC07E-1558-4C27-BF1A-C13547D175FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:infopath:2007:*:*:*:*:*:*:*", "matchCriteriaId": "A007966C-7620-4625-AD2B-6A147577EB54", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2007:*:*:*:*:*:*:*", "matchCriteriaId": "828219FA-E694-46DA-93B0-BE2EC5BBF61E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*", "matchCriteriaId": "69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_communicator:2007:*:*:*:*:*:*:*", "matchCriteriaId": "61116145-828F-479D-9267-76BAB633B23E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:onenote:2003:*:*:*:*:*:*:*", "matchCriteriaId": "36BA88A3-A31F-4F90-8913-67D5BC00E72D", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:outlook:2003:*:*:*:*:*:*:*", "matchCriteriaId": "C3189982-F780-4AC2-9663-E6D4DF9DD319", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:outlook:2007:*:*:*:*:*:*:*", "matchCriteriaId": "D789259A-034E-40BB-9DFF-76B3104B212F", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:powerpoint:2003:*:*:*:*:*:*:*", "matchCriteriaId": "F5611EFD-2C7C-47BA-83E5-947EA00D8E6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:powerpoint:2007:*:*:*:*:*:*:*", "matchCriteriaId": "A947639C-B1D3-4297-B4BB-AD799C979BE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:project_professional:2007:*:*:*:*:*:*:*", "matchCriteriaId": "1C58C5D7-B6F0-4C95-A305-ED37629E2A5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:project_standard:2007:*:*:*:*:*:*:*", "matchCriteriaId": "E8D468F3-894D-409E-A7CE-EAA5919362E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:publisher:2003:*:*:*:*:*:*:*", "matchCriteriaId": "617E8BE3-8AD0-42FC-BDEE-6B1F120AE512", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:publisher:2007:*:*:*:*:*:*:*", "matchCriteriaId": "190A4DF4-EA93-4E18-BA96-7A7AC48831F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sharepoint_designer:2007:*:*:*:*:*:*:*", "matchCriteriaId": "7E057F77-9197-4BC9-A0A1-A71850F59D70", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visio_professional:2007:*:*:*:*:*:*:*", "matchCriteriaId": "F9A72192-B10A-4E42-AE68-FE1CB8DA573F", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visio_standard:2007:*:*:*:*:*:*:*", "matchCriteriaId": "9D837BA2-BAC0-4B72-A1DD-CB4A1CA5A347", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:windows_live_mail:2008:*:*:*:*:*:*:*", "matchCriteriaId": "AD3CA537-AAF9-4356-AE7E-0AC14E5AFADF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension."}, {"lang": "es", "value": "Microsoft Crypto API 5.131.2600.2180 hasta la 6.0, como las usadas en Outlook, Windows Live Mail, y Office 2007, realiza una lista de revocaci\u00f3n de certificado (CRL) utilizando una URL arbitraria de un certificado incluido en (1) mensaje de correo electr\u00f3nico S/MIME o (2) documento firmado, lo que permite a atacantes remotos conseguir tiempos de lectura  y direcciones IP de recipientes, y resultados de escaneo de puerto, a trav\u00e9s de \r\nun certificado manipulado con una extensi\u00f3n de de una Authority Information Access (AIA).\r\n"}], "id": "CVE-2008-3068", "lastModified": "2024-11-21T00:48:20.853", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-07-07T23:41:00.000", "references": [{"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3978"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/493947/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/494101/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28548"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019736"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019737"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019738"}, {"source": "cve@mitre.org", "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt"}, {"source": "cve@mitre.org", "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt"}, {"source": "cve@mitre.org", "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt"}, {"source": "cve@mitre.org", "url": "https://www.cynops.de/techzone/http_over_x509.html"}, {"source": "cve@mitre.org", "url": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt"}, {"source": "cve@mitre.org", "url": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt"}, {"source": "cve@mitre.org", "url": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3978"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/493947/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/494101/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28548"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1019736"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1019737"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1019738"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.cynops.de/techzone/http_over_x509.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:microsoft:access:2007:*:*:*:*:*:*:* (string)

matchCriteriaId : 1B4D3093-F17C-4BCF-8F4A-F15057C55F82 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:microsoft:excel:2003:*:*:*:*:*:*:* (string)

matchCriteriaId : 5F79E0AB-7081-4F97-BFE4-9AF84F643B9A (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:microsoft:excel:2007:*:*:*:*:*:*:* (string)

matchCriteriaId : 5A70D659-F648-4870-852A-4E86D1F4B646 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:microsoft:frontpage:2003:*:*:*:*:*:*:* (string)

matchCriteriaId : 3C79FEE1-70A3-4A48-BE7B-0D18F0A5FA7F (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:microsoft:groove:2007:*:*:*:*:*:*:* (string)

matchCriteriaId : 355F60DB-EC9A-4054-8023-BD16D5723C9F (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:microsoft:infopath:2003:*:*:*:*:*:*:* (string)

matchCriteriaId : 345BC07E-1558-4C27-BF1A-C13547D175FC (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:microsoft:infopath:2007:*:*:*:*:*:*:* (string)

matchCriteriaId : A007966C-7620-4625-AD2B-6A147577EB54 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:microsoft:office:2007:*:*:*:*:*:*:* (string)

matchCriteriaId : 828219FA-E694-46DA-93B0-BE2EC5BBF61E (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:* (string)

matchCriteriaId : 69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:microsoft:office_communicator:2007:*:*:*:*:*:*:* (string)

matchCriteriaId : 61116145-828F-479D-9267-76BAB633B23E (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:microsoft:onenote:2003:*:*:*:*:*:*:* (string)

matchCriteriaId : 36BA88A3-A31F-4F90-8913-67D5BC00E72D (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:microsoft:outlook:2003:*:*:*:*:*:*:* (string)

matchCriteriaId : C3189982-F780-4AC2-9663-E6D4DF9DD319 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:microsoft:outlook:2007:*:*:*:*:*:*:* (string)

matchCriteriaId : D789259A-034E-40BB-9DFF-76B3104B212F (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:microsoft:powerpoint:2003:*:*:*:*:*:*:* (string)

matchCriteriaId : F5611EFD-2C7C-47BA-83E5-947EA00D8E6C (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:microsoft:powerpoint:2007:*:*:*:*:*:*:* (string)

matchCriteriaId : A947639C-B1D3-4297-B4BB-AD799C979BE4 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:microsoft:project_professional:2007:*:*:*:*:*:*:* (string)

matchCriteriaId : 1C58C5D7-B6F0-4C95-A305-ED37629E2A5A (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:microsoft:project_standard:2007:*:*:*:*:*:*:* (string)

matchCriteriaId : E8D468F3-894D-409E-A7CE-EAA5919362E9 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:microsoft:publisher:2003:*:*:*:*:*:*:* (string)

matchCriteriaId : 617E8BE3-8AD0-42FC-BDEE-6B1F120AE512 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:microsoft:publisher:2007:*:*:*:*:*:*:* (string)

matchCriteriaId : 190A4DF4-EA93-4E18-BA96-7A7AC48831F0 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:microsoft:sharepoint_designer:2007:*:*:*:*:*:*:* (string)

matchCriteriaId : 7E057F77-9197-4BC9-A0A1-A71850F59D70 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:microsoft:visio_professional:2007:*:*:*:*:*:*:* (string)

matchCriteriaId : F9A72192-B10A-4E42-AE68-FE1CB8DA573F (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:microsoft:visio_standard:2007:*:*:*:*:*:*:* (string)

matchCriteriaId : 9D837BA2-BAC0-4B72-A1DD-CB4A1CA5A347 (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:a:microsoft:windows_live_mail:2008:*:*:*:*:*:*:* (string)

matchCriteriaId : AD3CA537-AAF9-4356-AE7E-0AC14E5AFADF (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension. (string)

}

1 : { »

lang : es (string)

value : Microsoft Crypto API 5.131.2600.2180 hasta la 6.0, como las usadas en Outlook, Windows Live Mail, y Office 2007, realiza una lista de revocación de certificado (CRL) utilizando una URL arbitraria de un certificado incluido en (1) mensaje de correo electrónico S/MIME o (2) documento firmado, lo que permite a atacantes remotos conseguir tiempos de lectura y direcciones IP de recipientes, y resultados de escaneo de puerto, a través de un certificado manipulado con una extensión de de una Authority Information Access (AIA). (string)

}

]

id : CVE-2008-3068 (string)

lastModified : 2024-11-21T00:48:20.853 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 7.5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : true (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2008-07-07T23:41:00.000 (string)

references : [ »

0 : { »