Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for groove by microsoft

    CVE-2011-1892 (GCVE-0-2011-1892)

    Vulnerability from nvd – Published: 2011-09-15 10:00 – Updated: 2024-08-06 22:46
    VLAI
    Summary
    Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://securityreason.com/securityalert/8386 third-party-advisoryx_refsource_SREASON
    http://www.us-cert.gov/cas/techalerts/TA11-256A.html third-party-advisoryx_refsource_CERT
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    Date Public
    2011-09-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:46:00.763Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "MS11-074",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074"
              },
              {
                "name": "8386",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/8386"
              },
              {
                "name": "TA11-256A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
              },
              {
                "name": "oval:org.mitre.oval:def:12907",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12907"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-09-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka \"SharePoint Remote File Disclosure Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "MS11-074",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074"
            },
            {
              "name": "8386",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/8386"
            },
            {
              "name": "TA11-256A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:12907",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12907"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2011-1892",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka \"SharePoint Remote File Disclosure Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "MS11-074",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074"
                },
                {
                  "name": "8386",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/8386"
                },
                {
                  "name": "TA11-256A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:12907",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12907"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2011-1892",
        "datePublished": "2011-09-15T10:00:00.000Z",
        "dateReserved": "2011-05-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:46:00.763Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-3146 (GCVE-0-2010-3146)

    Vulnerability from nvd – Published: 2010-08-27 18:10 – Updated: 2024-08-07 02:55
    VLAI
    Summary
    Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka "Microsoft Groove Insecure Library Loading Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2010/2188 vdb-entryx_refsource_VUPEN
    http://www.exploit-db.com/exploits/14746/ exploitx_refsource_EXPLOIT-DB
    http://www.us-cert.gov/cas/techalerts/TA11-067A.html third-party-advisoryx_refsource_CERT
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    Date Public
    2010-08-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:55:46.865Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2010-2188",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/2188"
              },
              {
                "name": "14746",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/14746/"
              },
              {
                "name": "TA11-067A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA11-067A.html"
              },
              {
                "name": "MS11-016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-016"
              },
              {
                "name": "oval:org.mitre.oval:def:12632",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12632"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-08-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka \"Microsoft Groove Insecure Library Loading Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2010-2188",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/2188"
            },
            {
              "name": "14746",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/14746/"
            },
            {
              "name": "TA11-067A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA11-067A.html"
            },
            {
              "name": "MS11-016",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-016"
            },
            {
              "name": "oval:org.mitre.oval:def:12632",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12632"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-3146",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka \"Microsoft Groove Insecure Library Loading Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2010-2188",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/2188"
                },
                {
                  "name": "14746",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/14746/"
                },
                {
                  "name": "TA11-067A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA11-067A.html"
                },
                {
                  "name": "MS11-016",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-016"
                },
                {
                  "name": "oval:org.mitre.oval:def:12632",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12632"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-3146",
        "datePublished": "2010-08-27T18:10:00.000Z",
        "dateReserved": "2010-08-27T00:00:00.000Z",
        "dateUpdated": "2024-08-07T02:55:46.865Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3068 (GCVE-0-2008-3068)

    Vulnerability from nvd – Published: 2008-07-07 23:00 – Updated: 2024-08-07 09:21
    VLAI
    Summary
    Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2008-07-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:21:34.955Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt"
              },
              {
                "name": "3978",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3978"
              },
              {
                "name": "20080709 Re: Unauthorized reading confirmation from Outlook",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/494101/100/0/threaded"
              },
              {
                "name": "28548",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28548"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt"
              },
              {
                "name": "1019736",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019736"
              },
              {
                "name": "1019738",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019738"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt"
              },
              {
                "name": "1019737",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019737"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cynops.de/techzone/http_over_x509.html"
              },
              {
                "name": "20080703 Unauthorized reading confirmation from Outlook",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/493947/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-07-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt"
            },
            {
              "name": "3978",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3978"
            },
            {
              "name": "20080709 Re: Unauthorized reading confirmation from Outlook",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/494101/100/0/threaded"
            },
            {
              "name": "28548",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28548"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt"
            },
            {
              "name": "1019736",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019736"
            },
            {
              "name": "1019738",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019738"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt"
            },
            {
              "name": "1019737",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019737"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cynops.de/techzone/http_over_x509.html"
            },
            {
              "name": "20080703 Unauthorized reading confirmation from Outlook",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/493947/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-3068",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt",
                  "refsource": "MISC",
                  "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt"
                },
                {
                  "name": "3978",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3978"
                },
                {
                  "name": "20080709 Re: Unauthorized reading confirmation from Outlook",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/494101/100/0/threaded"
                },
                {
                  "name": "28548",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28548"
                },
                {
                  "name": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt",
                  "refsource": "MISC",
                  "url": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt"
                },
                {
                  "name": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt",
                  "refsource": "MISC",
                  "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt"
                },
                {
                  "name": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt",
                  "refsource": "MISC",
                  "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt"
                },
                {
                  "name": "1019736",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019736"
                },
                {
                  "name": "1019738",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019738"
                },
                {
                  "name": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt",
                  "refsource": "MISC",
                  "url": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt"
                },
                {
                  "name": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt",
                  "refsource": "MISC",
                  "url": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt"
                },
                {
                  "name": "1019737",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019737"
                },
                {
                  "name": "https://www.cynops.de/techzone/http_over_x509.html",
                  "refsource": "MISC",
                  "url": "https://www.cynops.de/techzone/http_over_x509.html"
                },
                {
                  "name": "20080703 Unauthorized reading confirmation from Outlook",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/493947/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-3068",
        "datePublished": "2008-07-07T23:00:00.000Z",
        "dateReserved": "2008-07-07T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:21:34.955Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-1892 (GCVE-0-2011-1892)

    Vulnerability from cvelistv5 – Published: 2011-09-15 10:00 – Updated: 2024-08-06 22:46
    VLAI
    Summary
    Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://securityreason.com/securityalert/8386 third-party-advisoryx_refsource_SREASON
    http://www.us-cert.gov/cas/techalerts/TA11-256A.html third-party-advisoryx_refsource_CERT
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    Date Public
    2011-09-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:46:00.763Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "MS11-074",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074"
              },
              {
                "name": "8386",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/8386"
              },
              {
                "name": "TA11-256A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
              },
              {
                "name": "oval:org.mitre.oval:def:12907",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12907"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-09-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka \"SharePoint Remote File Disclosure Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "MS11-074",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074"
            },
            {
              "name": "8386",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/8386"
            },
            {
              "name": "TA11-256A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:12907",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12907"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2011-1892",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka \"SharePoint Remote File Disclosure Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "MS11-074",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074"
                },
                {
                  "name": "8386",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/8386"
                },
                {
                  "name": "TA11-256A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:12907",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12907"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2011-1892",
        "datePublished": "2011-09-15T10:00:00.000Z",
        "dateReserved": "2011-05-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:46:00.763Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-3146 (GCVE-0-2010-3146)

    Vulnerability from cvelistv5 – Published: 2010-08-27 18:10 – Updated: 2024-08-07 02:55
    VLAI
    Summary
    Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka "Microsoft Groove Insecure Library Loading Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2010/2188 vdb-entryx_refsource_VUPEN
    http://www.exploit-db.com/exploits/14746/ exploitx_refsource_EXPLOIT-DB
    http://www.us-cert.gov/cas/techalerts/TA11-067A.html third-party-advisoryx_refsource_CERT
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    Date Public
    2010-08-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:55:46.865Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2010-2188",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/2188"
              },
              {
                "name": "14746",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/14746/"
              },
              {
                "name": "TA11-067A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA11-067A.html"
              },
              {
                "name": "MS11-016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-016"
              },
              {
                "name": "oval:org.mitre.oval:def:12632",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12632"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-08-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka \"Microsoft Groove Insecure Library Loading Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2010-2188",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/2188"
            },
            {
              "name": "14746",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/14746/"
            },
            {
              "name": "TA11-067A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA11-067A.html"
            },
            {
              "name": "MS11-016",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-016"
            },
            {
              "name": "oval:org.mitre.oval:def:12632",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12632"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-3146",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka \"Microsoft Groove Insecure Library Loading Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2010-2188",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/2188"
                },
                {
                  "name": "14746",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/14746/"
                },
                {
                  "name": "TA11-067A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA11-067A.html"
                },
                {
                  "name": "MS11-016",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-016"
                },
                {
                  "name": "oval:org.mitre.oval:def:12632",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12632"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-3146",
        "datePublished": "2010-08-27T18:10:00.000Z",
        "dateReserved": "2010-08-27T00:00:00.000Z",
        "dateUpdated": "2024-08-07T02:55:46.865Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3068 (GCVE-0-2008-3068)

    Vulnerability from cvelistv5 – Published: 2008-07-07 23:00 – Updated: 2024-08-07 09:21
    VLAI
    Summary
    Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2008-07-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:21:34.955Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt"
              },
              {
                "name": "3978",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3978"
              },
              {
                "name": "20080709 Re: Unauthorized reading confirmation from Outlook",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/494101/100/0/threaded"
              },
              {
                "name": "28548",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28548"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt"
              },
              {
                "name": "1019736",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019736"
              },
              {
                "name": "1019738",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019738"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt"
              },
              {
                "name": "1019737",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019737"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cynops.de/techzone/http_over_x509.html"
              },
              {
                "name": "20080703 Unauthorized reading confirmation from Outlook",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/493947/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-07-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt"
            },
            {
              "name": "3978",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3978"
            },
            {
              "name": "20080709 Re: Unauthorized reading confirmation from Outlook",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/494101/100/0/threaded"
            },
            {
              "name": "28548",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28548"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt"
            },
            {
              "name": "1019736",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019736"
            },
            {
              "name": "1019738",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019738"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt"
            },
            {
              "name": "1019737",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019737"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cynops.de/techzone/http_over_x509.html"
            },
            {
              "name": "20080703 Unauthorized reading confirmation from Outlook",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/493947/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-3068",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt",
                  "refsource": "MISC",
                  "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt"
                },
                {
                  "name": "3978",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3978"
                },
                {
                  "name": "20080709 Re: Unauthorized reading confirmation from Outlook",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/494101/100/0/threaded"
                },
                {
                  "name": "28548",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28548"
                },
                {
                  "name": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt",
                  "refsource": "MISC",
                  "url": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt"
                },
                {
                  "name": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt",
                  "refsource": "MISC",
                  "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt"
                },
                {
                  "name": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt",
                  "refsource": "MISC",
                  "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt"
                },
                {
                  "name": "1019736",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019736"
                },
                {
                  "name": "1019738",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019738"
                },
                {
                  "name": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt",
                  "refsource": "MISC",
                  "url": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt"
                },
                {
                  "name": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt",
                  "refsource": "MISC",
                  "url": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt"
                },
                {
                  "name": "1019737",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019737"
                },
                {
                  "name": "https://www.cynops.de/techzone/http_over_x509.html",
                  "refsource": "MISC",
                  "url": "https://www.cynops.de/techzone/http_over_x509.html"
                },
                {
                  "name": "20080703 Unauthorized reading confirmation from Outlook",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/493947/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-3068",
        "datePublished": "2008-07-07T23:00:00.000Z",
        "dateReserved": "2008-07-07T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:21:34.955Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }