ID CVE-2007-0940
Summary Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."
References
Vulnerable Configurations
  • Microsoft BizTalk Server 2004 Service Pack 1
    cpe:2.3:a:microsoft:biztalk_server:2004:sp1
  • Microsoft BizTalk Server 2004 Service Pack 2
    cpe:2.3:a:microsoft:biztalk_server:2004:sp2
  • Microsoft CAPICOM
    cpe:2.3:a:microsoft:capicom
CVSS
Base: 9.3 (as of 09-05-2007 - 17:08)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: NONE
Impact
  Confidentiality: COMPLETE
  Integrity: COMPLETE
  Availability: COMPLETE
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS07-028.NASL
description The remote host is running a version of the CAPICOM library (Cryptographic API Component Object Model) that is subject to a flaw that could allow arbitrary code to be run. An attacker may use this to execute arbitrary code on this host. To exploit this flaw, an attacker would need to set up a rogue web site and lure a victim on the remote host into visiting it.
last seen 2019-02-21
modified 2018-11-15
plugin id 25167
published 2007-05-09
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=25167
title MS07-028: Vulnerability in CAPICOM Could Allow Remote Code Execution (931906)
oval via4
accepted 2015-08-10T04:00:20.949-04:00
class vulnerability
contributors
  • name Sudhir Gandhe
    organization Secure Elements, Inc.
  • name Jonathan Baker
    organization The MITRE Corporation
  • name Jonathan Baker
    organization The MITRE Corporation
  • name Clifford Farrugia
    organization GFI Software
  • name Clifford Farrugia
    organization GFI Software
  • name Clifford Farrugia
    organization GFI Software
  • name Todd Dolinsky
    organization Hewlett-Packard
  • name Jonathan Baker
    organization The MITRE Corporation
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
comment Microsoft Capicom is installed
oval oval:org.mitre.oval:def:29097
description Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."
family windows
id oval:org.mitre.oval:def:1670
status accepted
submitted 2007-05-08T19:30:00
title CAPICOM.Certificates Vulnerability
version 24
refmap via4
bid 23782
cert TA07-128A
cert-vn VU#866305
hp
  • HPSBST02214
  • SSRT071422
ms MS07-028
osvdb 34397
sectrack
  • 1018016
  • 1018017
secunia 25185
vupen ADV-2007-1713
xf ms-capicom-code-execution(32739)
Last major update 07-03-2011 - 21:51
Published 08-05-2007 - 19:19
Last modified 16-10-2018 - 12:35