CVE-2007-0940 — Microsoft Biztalk Server vulnerability

5 documents4 sources

Severity

9.3CRITICALNVD

EPSS

75.2%

top 1.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Biztalk Server

Timeline

PublishedMay 8

Latest updateMay 1

Description

Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/biztalk_server2004

🔴Vulnerability Details

GHSA

GHSA-wgrj-2whc-pfpg: Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM↗2022-05-01

▶

CVEList

CVE-2007-0940: Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM↗2007-05-08

▶

💬Community

Bugzilla

CVE-2007-4574 EM64T local DoS↗2007-09-20

▶

Bugzilla

CVE-2007-3513 Locally triggerable memory consumption in usblcd↗2007-07-11

▶