Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Microsoft Crypto API X.509 Certificate Validation 远程信息泄露漏洞
Vulnerability Description
Microsoft Crypto 是windows程序安装时必有得一个API函数。 Microsoft Crypto API 5.131.2600.2180 至 6.0, 当在Outlook, Windows Live Mail, and Office 2007中运行时,通过在(1) S/MIME 电子邮件信息 或 (2)有符号的文件中的一个任意URL来执行证书撤回列表 (CRL)检测 ,这会允许远程攻击者通过精心设计的具有权限信息访问(AIA)扩展名的凭证来获得读去实践和收件人的IP地址,以及端点扫描结
CVSS Information
N/A
Vulnerability Type
N/A