PT-2007-1148 · Microsoft · Biztalk Server 2004+1

Published

2007-05-08

Updated

2018-10-16

CVE-2007-0940

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2

Description: The issue is related to an unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control, which can allow remote attackers to execute arbitrary code. This vulnerability is associated with errors in code generation management. The exploitation of this issue may enable a remote attacker to execute arbitrary code.

Recommendations: For Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

BDU:2019-01970

CVE-2007-0940

Affected Products

Biztalk Server 2004

Capicom

PT-2007-1148 · Microsoft · Biztalk Server 2004+1

CVE-2007-0940

Weakness Enumeration

Related Identifiers

Affected Products

References · 17