All the vulnerabilites related to microsoft - project_standard
Vulnerability from fkie_nvd
Published
2008-07-07 23:41
Modified
2024-11-21 00:48
Severity ?
Summary
Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.
References
cve@mitre.orghttp://securityreason.com/securityalert/3978
cve@mitre.orghttp://www.securityfocus.com/archive/1/493947/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/494101/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/28548
cve@mitre.orghttp://www.securitytracker.com/id?1019736
cve@mitre.orghttp://www.securitytracker.com/id?1019737
cve@mitre.orghttp://www.securitytracker.com/id?1019738
cve@mitre.orghttps://www.cynops.de/advisories/AKLINK-SA-2008-002.txt
cve@mitre.orghttps://www.cynops.de/advisories/AKLINK-SA-2008-003.txt
cve@mitre.orghttps://www.cynops.de/advisories/AKLINK-SA-2008-004.txt
cve@mitre.orghttps://www.cynops.de/techzone/http_over_x509.html
cve@mitre.orghttps://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt
cve@mitre.orghttps://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt
cve@mitre.orghttps://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/3978
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/493947/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/494101/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/28548
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1019736
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1019737
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1019738
af854a3a-2127-422b-91ae-364da2661108https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt
af854a3a-2127-422b-91ae-364da2661108https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt
af854a3a-2127-422b-91ae-364da2661108https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt
af854a3a-2127-422b-91ae-364da2661108https://www.cynops.de/techzone/http_over_x509.html
af854a3a-2127-422b-91ae-364da2661108https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt
af854a3a-2127-422b-91ae-364da2661108https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt
af854a3a-2127-422b-91ae-364da2661108https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt
Impacted products
Vendor Product Version
microsoft access 2007
microsoft excel 2003
microsoft excel 2007
microsoft frontpage 2003
microsoft groove 2007
microsoft infopath 2003
microsoft infopath 2007
microsoft office 2007
microsoft office 2007
microsoft office_communicator 2007
microsoft onenote 2003
microsoft outlook 2003
microsoft outlook 2007
microsoft powerpoint 2003
microsoft powerpoint 2007
microsoft project_professional 2007
microsoft project_standard 2007
microsoft publisher 2003
microsoft publisher 2007
microsoft sharepoint_designer 2007
microsoft visio_professional 2007
microsoft visio_standard 2007
microsoft windows_live_mail 2008


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:access:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B4D3093-F17C-4BCF-8F4A-F15057C55F82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F79E0AB-7081-4F97-BFE4-9AF84F643B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A70D659-F648-4870-852A-4E86D1F4B646",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:frontpage:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C79FEE1-70A3-4A48-BE7B-0D18F0A5FA7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:groove:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "355F60DB-EC9A-4054-8023-BD16D5723C9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:infopath:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "345BC07E-1558-4C27-BF1A-C13547D175FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:infopath:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "A007966C-7620-4625-AD2B-6A147577EB54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "828219FA-E694-46DA-93B0-BE2EC5BBF61E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_communicator:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "61116145-828F-479D-9267-76BAB633B23E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:onenote:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BA88A3-A31F-4F90-8913-67D5BC00E72D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:outlook:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3189982-F780-4AC2-9663-E6D4DF9DD319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:outlook:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "D789259A-034E-40BB-9DFF-76B3104B212F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5611EFD-2C7C-47BA-83E5-947EA00D8E6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "A947639C-B1D3-4297-B4BB-AD799C979BE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project_professional:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C58C5D7-B6F0-4C95-A305-ED37629E2A5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project_standard:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8D468F3-894D-409E-A7CE-EAA5919362E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:publisher:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "617E8BE3-8AD0-42FC-BDEE-6B1F120AE512",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:publisher:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "190A4DF4-EA93-4E18-BA96-7A7AC48831F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sharepoint_designer:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E057F77-9197-4BC9-A0A1-A71850F59D70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio_professional:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9A72192-B10A-4E42-AE68-FE1CB8DA573F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio_standard:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D837BA2-BAC0-4B72-A1DD-CB4A1CA5A347",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:windows_live_mail:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD3CA537-AAF9-4356-AE7E-0AC14E5AFADF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension."
    },
    {
      "lang": "es",
      "value": "Microsoft Crypto API 5.131.2600.2180 hasta la 6.0, como las usadas en Outlook, Windows Live Mail, y Office 2007, realiza una lista de revocaci\u00f3n de certificado (CRL) utilizando una URL arbitraria de un certificado incluido en (1) mensaje de correo electr\u00f3nico S/MIME o (2) documento firmado, lo que permite a atacantes remotos conseguir tiempos de lectura  y direcciones IP de recipientes, y resultados de escaneo de puerto, a trav\u00e9s de \r\nun certificado manipulado con una extensi\u00f3n de de una Authority Information Access (AIA).\r\n"
    }
  ],
  "id": "CVE-2008-3068",
  "lastModified": "2024-11-21T00:48:20.853",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-07-07T23:41:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3978"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/493947/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/494101/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/28548"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019736"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019737"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019738"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.cynops.de/techzone/http_over_x509.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3978"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/493947/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/494101/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/28548"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019736"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019737"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019738"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.cynops.de/techzone/http_over_x509.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2008-3068
Vulnerability from cvelistv5
Published
2008-07-07 23:00
Modified
2024-08-07 09:21
Severity ?
Summary
Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.
References
https://www.cynops.de/advisories/AKLINK-SA-2008-003.txtx_refsource_MISC
http://securityreason.com/securityalert/3978third-party-advisory, x_refsource_SREASON
http://www.securityfocus.com/archive/1/494101/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/28548vdb-entry, x_refsource_BID
https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txtx_refsource_MISC
https://www.cynops.de/advisories/AKLINK-SA-2008-002.txtx_refsource_MISC
https://www.cynops.de/advisories/AKLINK-SA-2008-004.txtx_refsource_MISC
http://www.securitytracker.com/id?1019736vdb-entry, x_refsource_SECTRACK
http://www.securitytracker.com/id?1019738vdb-entry, x_refsource_SECTRACK
https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txtx_refsource_MISC
https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txtx_refsource_MISC
http://www.securitytracker.com/id?1019737vdb-entry, x_refsource_SECTRACK
https://www.cynops.de/techzone/http_over_x509.htmlx_refsource_MISC
http://www.securityfocus.com/archive/1/493947/100/0/threadedmailing-list, x_refsource_BUGTRAQ
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:21:34.955Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt"
          },
          {
            "name": "3978",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3978"
          },
          {
            "name": "20080709 Re: Unauthorized reading confirmation from Outlook",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/494101/100/0/threaded"
          },
          {
            "name": "28548",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28548"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt"
          },
          {
            "name": "1019736",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019736"
          },
          {
            "name": "1019738",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019738"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt"
          },
          {
            "name": "1019737",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019737"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cynops.de/techzone/http_over_x509.html"
          },
          {
            "name": "20080703 Unauthorized reading confirmation from Outlook",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/493947/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-07-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt"
        },
        {
          "name": "3978",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3978"
        },
        {
          "name": "20080709 Re: Unauthorized reading confirmation from Outlook",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/494101/100/0/threaded"
        },
        {
          "name": "28548",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28548"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt"
        },
        {
          "name": "1019736",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019736"
        },
        {
          "name": "1019738",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019738"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt"
        },
        {
          "name": "1019737",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019737"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cynops.de/techzone/http_over_x509.html"
        },
        {
          "name": "20080703 Unauthorized reading confirmation from Outlook",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/493947/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3068",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt",
              "refsource": "MISC",
              "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt"
            },
            {
              "name": "3978",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3978"
            },
            {
              "name": "20080709 Re: Unauthorized reading confirmation from Outlook",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/494101/100/0/threaded"
            },
            {
              "name": "28548",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28548"
            },
            {
              "name": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt",
              "refsource": "MISC",
              "url": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt"
            },
            {
              "name": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt",
              "refsource": "MISC",
              "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt"
            },
            {
              "name": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt",
              "refsource": "MISC",
              "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt"
            },
            {
              "name": "1019736",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019736"
            },
            {
              "name": "1019738",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019738"
            },
            {
              "name": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt",
              "refsource": "MISC",
              "url": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt"
            },
            {
              "name": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt",
              "refsource": "MISC",
              "url": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt"
            },
            {
              "name": "1019737",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019737"
            },
            {
              "name": "https://www.cynops.de/techzone/http_over_x509.html",
              "refsource": "MISC",
              "url": "https://www.cynops.de/techzone/http_over_x509.html"
            },
            {
              "name": "20080703 Unauthorized reading confirmation from Outlook",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/493947/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-3068",
    "datePublished": "2008-07-07T23:00:00",
    "dateReserved": "2008-07-07T00:00:00",
    "dateUpdated": "2024-08-07T09:21:34.955Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}