ID CVE-2007-0940
Summary Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:biztalk_server:2004:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:biztalk_server:2004:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:biztalk_server:2004:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:biztalk_server:2004:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:capicom:*:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:capicom:*:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 16-10-2018 - 16:35)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2015-08-10T04:00:20.949-04:00
class vulnerability
contributors
  • name Sudhir Gandhe
    organization Secure Elements, Inc.
  • name Jonathan Baker
    organization The MITRE Corporation
  • name Jonathan Baker
    organization The MITRE Corporation
  • name Clifford Farrugia
    organization GFI Software
  • name Clifford Farrugia
    organization GFI Software
  • name Clifford Farrugia
    organization GFI Software
  • name Todd Dolinsky
    organization Hewlett-Packard
  • name Jonathan Baker
    organization The MITRE Corporation
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
comment Microsoft Capicom is installed
oval oval:org.mitre.oval:def:29097
description Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."
family windows
id oval:org.mitre.oval:def:1670
status accepted
submitted 2007-05-08T19:30:00
title CAPICOM.Certificates Vulnerability
version 24
refmap via4
bid 23782
cert TA07-128A
cert-vn VU#866305
hp
  • HPSBST02214
  • SSRT071422
ms MS07-028
osvdb 34397
sectrack
  • 1018016
  • 1018017
secunia 25185
vupen ADV-2007-1713
xf ms-capicom-code-execution(32739)
Last major update 16-10-2018 - 16:35
Published 08-05-2007 - 23:19
Back to Top