Vulnerabilities > CVE-2007-0040 - Remote Code Execution vulnerability in Microsoft Windows 2000 and Windows 2003 Server
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 6 |
Nessus
NASL family Windows NASL id SMB_KB926122.NASL description The remote version of Active Directory contains a flaw in the LDAP request handler code that may allow an attacker to execute code on the remote host. On Windows 2000, an anonymous attacker can exploit this flaw by sending a specially crafted LDAP packet. Additionally, Active Directory is affected by a remote denial of service vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 25699 published 2007-07-11 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25699 title MS07-039: Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122) (uncredentialed check) NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS07-039.NASL description The remote version of Active Directory contains a flaw in the LDAP request handler code that allows an attacker to execute code on the remote host. On Windows 2000 an anonymous attacker can exploit this flaw by sending a specially crafted LDAP packet. On Windows 2003 valid credentials are needed to exploit it. Additionally, the Active Directory is affected by a remote denial of service vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 25690 published 2007-07-10 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25690 title MS07-039: Microsoft Windows Active Directory LDAP Service Remote Code Execution (926122)
Oval
| accepted | 2007-08-20T08:04:39.839-04:00 | ||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||
| contributors |
| ||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||
| description | The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes." | ||||||||||||||||||||
| family | windows | ||||||||||||||||||||
| id | oval:org.mitre.oval:def:2012 | ||||||||||||||||||||
| status | accepted | ||||||||||||||||||||
| submitted | 2007-07-10T18:34:24 | ||||||||||||||||||||
| title | Windows Active Directory Remote Code Execution Vulnerability | ||||||||||||||||||||
| version | 70 |
References
- http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html
- http://osvdb.org/35960
- http://secunia.com/advisories/26002
- http://www.iss.net/threats/267.html
- http://www.kb.cert.org/vuls/id/487905
- http://www.securityfocus.com/bid/24800
- http://www.securitytracker.com/id?1018355
- http://www.us-cert.gov/cas/techalerts/TA07-191A.html
- http://www.vupen.com/english/advisories/2007/2481
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-039
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2012