CVE-2007-0940
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."
Vulnerabilidad no especificada en el control ActiveX Cryptographic API Component Object Model Certificates ActiveX (CAPICOM.dll) en Microsoft CAPICOM y BizTalk Server 2004 SP1 y SP2 permite a atacantes remotos ejecutar código de su elección a través de vectores no especificados, también conocido como "Vulnerabilidad de certificados CAPICOM".
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-02-14 CVE Reserved
- 2007-05-08 CVE Published
- 2024-08-07 CVE Updated
- 2024-11-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/25185 | Third Party Advisory | |
| http://www.kb.cert.org/vuls/id/866305 | Third Party Advisory |
|
| http://www.osvdb.org/34397 | Vdb Entry | |
| http://www.securityfocus.com/bid/23782 | Vdb Entry | |
| http://www.securitytracker.com/id?1018016 | Vdb Entry | |
| http://www.securitytracker.com/id?1018017 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA07-128A.html | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2007/1713 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/32739 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1670 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.securityfocus.com/archive/1/468871/100/200/threaded | 2018-10-16 | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-028 | 2018-10-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Biztalk Server Search vendor "Microsoft" for product "Biztalk Server" | 2004 Search vendor "Microsoft" for product "Biztalk Server" and version "2004" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Biztalk Server Search vendor "Microsoft" for product "Biztalk Server" | 2004 Search vendor "Microsoft" for product "Biztalk Server" and version "2004" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Capicom Search vendor "Microsoft" for product "Capicom" | * | - |
Affected
| ||||||