{"api_version":"1","generated_at":"2026-04-23T06:19:25+00:00","cve":"CVE-2007-0444","urls":{"html":"https://cve.report/CVE-2007-0444","api":"https://cve.report/api/cve/CVE-2007-0444.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-0444","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-0444"},"summary":{"title":"CVE-2007-0444","description":"Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions.","state":"PUBLISHED","assigner":"mitre","published_at":"2007-01-24 22:28:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-119","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.2","severity":"","vector":"AV:L/AC:L/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://www.securityfocus.com/archive/1/458002/100/0/threaded","name":"http://www.securityfocus.com/archive/1/458002/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://support.citrix.com/article/CTX111686","name":"http://support.citrix.com/article/CTX111686","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"CTX111686 - Vulnerability in Citrix Presentation Server's print provider could result in arbitrary code execution - Citrix Knowledge Center","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/data/vulnerabilities/exploits/testlpc.c","name":"http://www.securityfocus.com/data/vulnerabilities/exploits/testlpc.c","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"503"},{"url":"http://securitytracker.com/id?1017553","name":"http://securitytracker.com/id?1017553","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityTracker.com Archives - Citrix MetaFrame Presentation Server Buffer Overflow in 'cpprov.dll' Lets Remote Users Execute Arbitrary Code","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.zerodayinitiative.com/advisories/ZDI-07-006.html","name":"http://www.zerodayinitiative.com/advisories/ZDI-07-006.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"ZDI-07-006","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/23869","name":"http://secunia.com/advisories/23869","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Citrix Presentation Server Print Provider Buffer Overflow Vulnerability - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/22217","name":"http://www.securityfocus.com/bid/22217","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Citrix Presentation and MetaFrame Server Cpprov.DLL Stack Buffer Overflow Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://osvdb.org/32958","name":"http://osvdb.org/32958","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.vupen.com/english/advisories/2007/0328","name":"http://www.vupen.com/english/advisories/2007/0328","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-0444","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-0444","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"444","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"citrix","cpe5":"metaframe","cpe6":"1.0","cpe7":"*","cpe8":"xp","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"444","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"citrix","cpe5":"metaframe_presentation_server","cpe6":"3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"444","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"citrix","cpe5":"metaframe_presentation_server","cpe6":"4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T12:19:30.312Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"23869","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/23869"},{"name":"22217","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/22217"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.securityfocus.com/data/vulnerabilities/exploits/testlpc.c"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://support.citrix.com/article/CTX111686"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.zerodayinitiative.com/advisories/ZDI-07-006.html"},{"name":"1017553","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://securitytracker.com/id?1017553"},{"name":"32958","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/32958"},{"name":"ADV-2007-0328","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2007/0328"},{"name":"20070124 ZDI-07-006: Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/458002/100/0/threaded"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2007-01-24T00:00:00.000Z","descriptions":[{"lang":"en","value":"Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-16T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"23869","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/23869"},{"name":"22217","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/22217"},{"tags":["x_refsource_MISC"],"url":"http://www.securityfocus.com/data/vulnerabilities/exploits/testlpc.c"},{"tags":["x_refsource_CONFIRM"],"url":"http://support.citrix.com/article/CTX111686"},{"tags":["x_refsource_MISC"],"url":"http://www.zerodayinitiative.com/advisories/ZDI-07-006.html"},{"name":"1017553","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://securitytracker.com/id?1017553"},{"name":"32958","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/32958"},{"name":"ADV-2007-0328","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2007/0328"},{"name":"20070124 ZDI-07-006: Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/458002/100/0/threaded"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-0444","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"23869","refsource":"SECUNIA","url":"http://secunia.com/advisories/23869"},{"name":"22217","refsource":"BID","url":"http://www.securityfocus.com/bid/22217"},{"name":"http://www.securityfocus.com/data/vulnerabilities/exploits/testlpc.c","refsource":"MISC","url":"http://www.securityfocus.com/data/vulnerabilities/exploits/testlpc.c"},{"name":"http://support.citrix.com/article/CTX111686","refsource":"CONFIRM","url":"http://support.citrix.com/article/CTX111686"},{"name":"http://www.zerodayinitiative.com/advisories/ZDI-07-006.html","refsource":"MISC","url":"http://www.zerodayinitiative.com/advisories/ZDI-07-006.html"},{"name":"1017553","refsource":"SECTRACK","url":"http://securitytracker.com/id?1017553"},{"name":"32958","refsource":"OSVDB","url":"http://osvdb.org/32958"},{"name":"ADV-2007-0328","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/0328"},{"name":"20070124 ZDI-07-006: Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/458002/100/0/threaded"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2007-0444","datePublished":"2007-01-24T22:00:00.000Z","dateReserved":"2007-01-23T00:00:00.000Z","dateUpdated":"2024-08-07T12:19:30.312Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2007-01-24 22:28:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-119","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:metaframe:1.0:*:xp:*:*:*:*:*","matchCriteriaId":"7E71FB3C-D642-4736-B19A-DE3CE38FC2FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:metaframe_presentation_server:3.0:*:*:*:*:*:*:*","matchCriteriaId":"E406CDDF-A2F6-42EC-B4EF-93258F21C08A"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:metaframe_presentation_server:4.0:*:*:*:*:*:*:*","matchCriteriaId":"15137D61-8E46-4F46-B475-098429A79484"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"444","Ordinal":"1","Title":"CVE-2007-0444","CVE":"CVE-2007-0444","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"444","Ordinal":"1","NoteData":"Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions.","Type":"Description","Title":"CVE-2007-0444"},{"CveYear":"2007","CveId":"444","Ordinal":"2","NoteData":"2007-01-24","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"444","Ordinal":"3","NoteData":"2018-10-16","Type":"Other","Title":"Modified"}]}}}