7.5

CVE-2008-3068

EPSS 12.63%
Published 07.07.2008 23:41:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.

Affected products Warnungen 0 Metrics 2 CWE 0 References 17

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Access Version2007

Microsoft ≫ Excel Version2003

Microsoft ≫ Excel Version2007

Microsoft ≫ Frontpage Version2003

Microsoft ≫ Groove Version2007

Microsoft ≫ Infopath Version2003

Microsoft ≫ Infopath Version2007

Microsoft ≫ Office Version2007

Microsoft ≫ Office Version2007 Updatesp1

Microsoft ≫ Office Communicator Version2007

Microsoft ≫ Onenote Version2003

Microsoft ≫ Outlook Version2003

Microsoft ≫ Outlook Version2007

Microsoft ≫ Powerpoint Version2003

Microsoft ≫ Powerpoint Version2007

Microsoft ≫ Project Professional Version2007

Microsoft ≫ Project Standard Version2007

Microsoft ≫ Publisher Version2003

Microsoft ≫ Publisher Version2007

Microsoft ≫ Sharepoint Designer Version2007

Microsoft ≫ Visio Professional Version2007

Microsoft ≫ Visio Standard Version2007

Microsoft ≫ Windows Live Mail Version2008

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	12.63%	0.938

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://securityreason.com/securityalert/3978

http://www.securityfocus.com/archive/1/493947/100/0/threaded

http://www.securityfocus.com/archive/1/494101/100/0/threaded

http://www.securityfocus.com/bid/28548

http://www.securitytracker.com/id?1019736

http://www.securitytracker.com/id?1019737

http://www.securitytracker.com/id?1019738

https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt

https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt

https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt

https://www.cynops.de/techzone/http_over_x509.html

https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt

https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt

https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt

https://nvd.nist.gov/vuln/detail/CVE-2008-3068

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-3068

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-3068

EUVD