Trend Micro Security

Microsoft Crypto API X.509 Certificate Validation Remote Information Disclosure

2015年7月21日
  危険度: :
  CVE識別番号: CVE-2008-3068

  概要

Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.

  トレンドマイクロの対策

Apply associated Trend Micro DPI Rules.

  対応方法

  Trend Micro Deep Security DPI Rule Number: 1002366
  Trend Micro Deep Security DPI Rule Name: 1002366 - Detect Office 2007 Files On HTTP Stream

  影響を受けるソフトウェア

  • Microsoft Windows Live Mail 2008
  • Microsoft Visio Standard 2007
  • Microsoft Visio Professional 2007
  • Microsoft Visio Sharepoint Designer 2007
  • Microsoft Publisher 2007
  • Microsoft Publisher 2003
  • Microsoft Project Standard 2007
  • Microsoft Project Professional 2007
  • Microsoft Powerpoint 2007
  • Microsoft Powerpoint 2003
  • Microsoft Outlook 2007
  • Microsoft Outlook 2003
  • Microsoft Onenote 2003
  • Microsoft Office 2007
  • Microsoft Infopath 2007
  • Microsoft Infopath 2003
  • Microsoft Frontpage 2003
  • Microsoft Excel 2007
  • Microsoft Excel 2003
  • Microsoft Office Communicator 2007
  • Microsoft Access 2007