CVE-2007-0040

Severity

99%

Complexity

99%

Confidentiality

165%

The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."

The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."

CVSS 2.0 Base Score 9.9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).

Overview

Type

Microsoft Windows

First reported 17 years ago

2007-07-10 22:30:00

Last updated 5 years ago

2019-04-30 14:27:00

Affected Software

Microsoft Windows 2000 Service Pack 4

Microsoft Windows 2003 Server Service Pack 1

Microsoft Windows 2003 Service Pack 1 Itanium

Microsoft Windows 2003 Server Service Pack 2

Microsoft Windows 2003 Server Service Pack 2 x64 (64-bit)

References

SSRT071446

35960

26002

20070710 Microsoft Windows Active Directory Remote Code Execution

VU#487905

US Government Resource

24800

1018355

TA07-191A

US Government Resource

ADV-2007-2481

MS07-039

oval:org.mitre.oval:def:2012

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.