PT-2007-1533 · Microsoft · Windows 2000 Server+3

Published: 2007-07-10 · Updated: 2019-04-30 · CVE-2007-0040

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Windows 2000 Server version SP4
Microsoft Windows Server 2003 version SP1
Microsoft Windows Server 2003 version SP2
Microsoft Windows Server 2003 x64 Edition version SP2
Microsoft Windows Server 2003 for Itanium-based Systems version SP1
Microsoft Windows Server 2003 for Itanium-based Systems version SP2

Description

The issue allows remote attackers to execute arbitrary code via a crafted LDAP request. This is made possible by an unspecified number of "convertible attributes" in the LDAP service within Windows Active Directory.

Recommendations

For Microsoft Windows 2000 Server SP4, update to a newer version to mitigate the risk.
For Microsoft Windows Server 2003 SP1, update to a newer version to mitigate the risk.
For Microsoft Windows Server 2003 SP2, update to a newer version to mitigate the risk.
For Microsoft Windows Server 2003 x64 Edition SP2, update to a newer version to mitigate the risk.
For Microsoft Windows Server 2003 for Itanium-based Systems SP1, update to a newer version to mitigate the risk.
For Microsoft Windows Server 2003 for Itanium-based Systems SP2, update to a newer version to mitigate the risk.

Fix

Related Identifiers

CVE-2007-0040

Affected Products

Windows 2000 Server
Windows Server 2003
Windows Server 2003 For Itanium-Based Systems
Windows Server 2003 X64 Edition