CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-3068

Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.102

EPSS Ranking 92.7%

CVSS Severity

CVSS v2 Score 7.5

References

Products affected by CVE-2008-3068

Microsoft » Access » Version: 2007

cpe:2.3:a:microsoft:access:2007
Microsoft » Excel » Version: 2003

cpe:2.3:a:microsoft:excel:2003
Microsoft » Excel » Version: 2007

cpe:2.3:a:microsoft:excel:2007
Microsoft » Frontpage » Version: 2003

cpe:2.3:a:microsoft:frontpage:2003
Microsoft » Groove » Version: 2007

cpe:2.3:a:microsoft:groove:2007
Microsoft » Infopath » Version: 2003

cpe:2.3:a:microsoft:infopath:2003
Microsoft » Infopath » Version: 2007

cpe:2.3:a:microsoft:infopath:2007
Microsoft » Office » Version: 2007

cpe:2.3:a:microsoft:office:2007
Microsoft » Office Communicator » Version: 2007

cpe:2.3:a:microsoft:office_communicator:2007
Microsoft » Onenote » Version: 2003

cpe:2.3:a:microsoft:onenote:2003
Microsoft » Outlook » Version: 2003

cpe:2.3:a:microsoft:outlook:2003
Microsoft » Outlook » Version: 2007

cpe:2.3:a:microsoft:outlook:2007
Microsoft » Powerpoint » Version: 2003

cpe:2.3:a:microsoft:powerpoint:2003
Microsoft » Powerpoint » Version: 2007

cpe:2.3:a:microsoft:powerpoint:2007
Microsoft » Project Professional » Version: 2007

cpe:2.3:a:microsoft:project_professional:2007
Microsoft » Project Standard » Version: 2007

cpe:2.3:a:microsoft:project_standard:2007
Microsoft » Publisher » Version: 2003

cpe:2.3:a:microsoft:publisher:2003
Microsoft » Publisher » Version: 2007

cpe:2.3:a:microsoft:publisher:2007
Microsoft » Sharepoint Designer » Version: 2007

cpe:2.3:a:microsoft:sharepoint_designer:2007
Microsoft » Visio Professional » Version: 2007

cpe:2.3:a:microsoft:visio_professional:2007
Microsoft » Visio Standard » Version: 2007

cpe:2.3:a:microsoft:visio_standard:2007
Microsoft » Windows Live Mail » Version: 2008

cpe:2.3:a:microsoft:windows_live_mail:2008

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-3068

Products

Pricing

Contact Us