CyberSec.Space Logo
Back to CVE Browser

CVE-2007-0040

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1830%
EPSS Percentile37.09th
PublishedJul 10, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."

Affected Platforms (CPE)

πŸ’»
Microsoft

Windows 2000

All versions
πŸ’»
Microsoft

Windows 2003 Server

All versions
πŸ’»
Microsoft

Windows 2003 Server

All versions
πŸ’»
Microsoft

Windows 2003 Server

All versions
πŸ’»
Microsoft

Windows 2003 Server

All versions
πŸ’»
Microsoft

Windows 2003 Server

All versions

References & Advisories

πŸ”— http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html
πŸ”— http://osvdb.org/35960
πŸ”— http://secunia.com/advisories/26002
πŸ”— http://www.iss.net/threats/267.html
πŸ”— http://www.kb.cert.org/vuls/id/487905
πŸ”— http://www.securityfocus.com/bid/24800
πŸ”— http://www.securitytracker.com/id?1018355
πŸ”— http://www.us-cert.gov/cas/techalerts/TA07-191A.html

Related Vulnerabilities

CVE-2000-103410.0

Buffer overflow in the System Monitor ActiveX control in Windows 2000 allows remote attackers to execute arbitrary commands via a ...

CVE-2000-006110.0

Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document h...

CVE-2000-022210.0

The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote ...

CVE-2000-107110.0

The GUI installation for iCal 2.1 Patch 2 disables access control for the X server using an "xhost +" command, which allows remote...