ID CVE-2007-0040
Summary The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:*:sp1:itanium:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:*:sp1:itanium:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
CVSS
Base: 10.0 (as of 30-04-2019 - 14:27)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
assigner via4 cve@mitre.org
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2007-08-20T08:04:39.839-04:00
class vulnerability
contributors
name Sudhir Gandhe
organization Secure Elements, Inc.
definition_extensions
  • comment Microsoft Windows 2000 SP4 or later is installed
    oval oval:org.mitre.oval:def:229
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
  • comment Microsoft Windows Server 2003 SP2 (x86) is installed
    oval oval:org.mitre.oval:def:1935
  • comment Microsoft Windows Server 2003 (x64) is installed
    oval oval:org.mitre.oval:def:730
  • comment Microsoft Windows Server 2003 SP2 (x64) is installed
    oval oval:org.mitre.oval:def:2161
description The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."
family windows
id oval:org.mitre.oval:def:2012
status accepted
submitted 2007-07-10T18:34:24
title Windows Active Directory Remote Code Execution Vulnerability
version 67
refmap via4
bid 24800
cert TA07-191A
cert-vn VU#487905
hp SSRT071446
iss 20070710 Microsoft Windows Active Directory Remote Code Execution
ms MS07-039
osvdb 35960
sectrack 1018355
secunia 26002
vupen ADV-2007-2481
vulnerable_product via4
  • cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:*:sp1:itanium:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
Last major update 30-04-2019 - 14:27
Published 10-07-2007 - 22:30
Back to Top