CVE-2007-0040
published 2007-07-10CVE-2007-0040: The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003…
PriorityP357critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
39.17%
98.4th percentile
The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-hcvg-3vrp-pjx9: The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", whic
ghsa_unreviewed·2022-05-01·CVSS 10.0
CVE-2007-3028 [CRITICAL] GHSA-hcvg-3vrp-pjx9: The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", whic
The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.
GHSA
GHSA-558v-684q-842r: The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Serve
ghsa_unreviewed·2022-05-01
CVE-2007-0040 [HIGH] GHSA-558v-684q-842r: The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Serve
The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."
No detection rules found.
http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.htmlhttp://osvdb.org/35960http://secunia.com/advisories/26002http://www.iss.net/threats/267.htmlhttp://www.kb.cert.org/vuls/id/487905http://www.securityfocus.com/bid/24800http://www.securitytracker.com/id?1018355http://www.us-cert.gov/cas/techalerts/TA07-191A.htmlhttp://www.vupen.com/english/advisories/2007/2481https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-039https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2012http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.htmlhttp://osvdb.org/35960http://secunia.com/advisories/26002http://www.iss.net/threats/267.htmlhttp://www.kb.cert.org/vuls/id/487905http://www.securityfocus.com/bid/24800http://www.securitytracker.com/id?1018355http://www.us-cert.gov/cas/techalerts/TA07-191A.htmlhttp://www.vupen.com/english/advisories/2007/2481https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-039https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2012
2007-07-10
Published