CVE-2008-3068

CVE Database · CVE-2008-3068

CVE-2008-3068

· N/AModified

CVSS v3.1

N/A

EPSS

17.40%

Published

Jul 7, 2008

Modified

Apr 22, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.

Affected Products (23)

microsoft · accessvulnerable

microsoft · excelvulnerable

microsoft · frontpagevulnerable

microsoft · groovevulnerable

microsoft · infopathvulnerable

microsoft · officevulnerable

microsoft · office_communicatorvulnerable

References (20)

http://securityreason.com/securityalert/3978

http://www.securityfocus.com/archive/1/493947/100/0/threaded

http://www.securityfocus.com/archive/1/494101/100/0/threaded