Remote Code Execution Vulnerability in Microsoft CAPICOM and BizTalk Server
CVE-2007-0940

Currently unrated

Key Information:

Vendor: Microsoft
Status: Biztalk Server; Capicom
Vendor: CVE Published:; 8 May 2007

Summary

The vulnerability in Microsoft CAPICOM and BizTalk Server allows attackers to exploit the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll). By leveraging unspecified vectors, remote attackers can execute arbitrary code on affected systems. This poses significant risks, especially in environments where BizTalk Server is deployed, making timely patching and security measures imperative to avoid potential exploitation.

References

http://www.securityfocus.com/archive/1/468871/100/200/thr...

vendor-advisoryx_refsource_HP

http://www.securityfocus.com/archive/1/468871/100/200/thr...

vendor-advisoryx_refsource_HP

http://www.vupen.com/english/advisories/2007/1713

vdb-entryx_refsource_VUPEN

EPSS Score

74% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 8, 2007
Vulnerability Reserved
Feb 14, 2007