{"api_version":"1","generated_at":"2026-04-23T17:14:52+00:00","cve":"CVE-2007-0940","urls":{"html":"https://cve.report/CVE-2007-0940","api":"https://cve.report/api/cve/CVE-2007-0940.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-0940","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-0940"},"summary":{"title":"CVE-2007-0940","description":"Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the \"CAPICOM.Certificates Vulnerability.\"","state":"PUBLISHED","assigner":"microsoft","published_at":"2007-05-08 23:19:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"9.3","severity":"","vector":"AV:N/AC:M/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-028","name":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-028","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Microsoft Security Bulletin MS07-028 - Critical | Microsoft Docs","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/25185","name":"http://secunia.com/advisories/25185","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"CAPICOM CAPICOM.Certificates ActiveX Control Vulnerability - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/32739","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/32739","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.kb.cert.org/vuls/id/866305","name":"http://www.kb.cert.org/vuls/id/866305","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government Resource"],"title":"US-CERT Vulnerability Note VU#866305","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/23782","name":"http://www.securityfocus.com/bid/23782","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Microsoft Capicom ActiveX Control Remote Code Execution Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1670","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1670","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/34397","name":"http://www.osvdb.org/34397","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.vupen.com/english/advisories/2007/1713","name":"http://www.vupen.com/english/advisories/2007/1713","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1018017","name":"http://www.securitytracker.com/id?1018017","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Microsoft CAPICOM 'CAPICOM.Certificates' ActiveX Control Lets Remote Users Execute Arbitrary Code - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.us-cert.gov/cas/techalerts/TA07-128A.html","name":"http://www.us-cert.gov/cas/techalerts/TA07-128A.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government Resource"],"title":"US-CERT Technical Cyber Security Alert TA07-128A -- Microsoft Updates for Multiple Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/468871/100/200/threaded","name":"http://www.securityfocus.com/archive/1/468871/100/200/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1018016","name":"http://www.securitytracker.com/id?1018016","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityTracker.com Archives - Microsoft BizTalk Server 'CAPICOM.Certificates' ActiveX Control Lets Remote Users Execute Arbitrary Code","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-0940","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-0940","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"940","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"biztalk_server","cpe6":"2004","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"940","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"biztalk_server","cpe6":"2004","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"940","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"capicom","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T12:34:21.308Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"HPSBST02214","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://www.securityfocus.com/archive/1/468871/100/200/threaded"},{"name":"SSRT071422","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://www.securityfocus.com/archive/1/468871/100/200/threaded"},{"name":"ADV-2007-1713","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2007/1713"},{"name":"VU#866305","tags":["third-party-advisory","x_refsource_CERT-VN","x_transferred"],"url":"http://www.kb.cert.org/vuls/id/866305"},{"name":"TA07-128A","tags":["third-party-advisory","x_refsource_CERT","x_transferred"],"url":"http://www.us-cert.gov/cas/techalerts/TA07-128A.html"},{"name":"oval:org.mitre.oval:def:1670","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1670"},{"name":"25185","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/25185"},{"name":"ms-capicom-code-execution(32739)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/32739"},{"name":"1018016","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1018016"},{"name":"MS07-028","tags":["vendor-advisory","x_refsource_MS","x_transferred"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-028"},{"name":"34397","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://www.osvdb.org/34397"},{"name":"1018017","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1018017"},{"name":"23782","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/23782"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2007-05-08T00:00:00.000Z","descriptions":[{"lang":"en","value":"Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the \"CAPICOM.Certificates Vulnerability.\""}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-16T14:57:01.000Z","orgId":"f38d906d-7342-40ea-92c1-6c4a2c6478c8","shortName":"microsoft"},"references":[{"name":"HPSBST02214","tags":["vendor-advisory","x_refsource_HP"],"url":"http://www.securityfocus.com/archive/1/468871/100/200/threaded"},{"name":"SSRT071422","tags":["vendor-advisory","x_refsource_HP"],"url":"http://www.securityfocus.com/archive/1/468871/100/200/threaded"},{"name":"ADV-2007-1713","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2007/1713"},{"name":"VU#866305","tags":["third-party-advisory","x_refsource_CERT-VN"],"url":"http://www.kb.cert.org/vuls/id/866305"},{"name":"TA07-128A","tags":["third-party-advisory","x_refsource_CERT"],"url":"http://www.us-cert.gov/cas/techalerts/TA07-128A.html"},{"name":"oval:org.mitre.oval:def:1670","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1670"},{"name":"25185","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/25185"},{"name":"ms-capicom-code-execution(32739)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/32739"},{"name":"1018016","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1018016"},{"name":"MS07-028","tags":["vendor-advisory","x_refsource_MS"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-028"},{"name":"34397","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://www.osvdb.org/34397"},{"name":"1018017","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1018017"},{"name":"23782","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/23782"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"secure@microsoft.com","ID":"CVE-2007-0940","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the \"CAPICOM.Certificates Vulnerability.\""}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"HPSBST02214","refsource":"HP","url":"http://www.securityfocus.com/archive/1/468871/100/200/threaded"},{"name":"SSRT071422","refsource":"HP","url":"http://www.securityfocus.com/archive/1/468871/100/200/threaded"},{"name":"ADV-2007-1713","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/1713"},{"name":"VU#866305","refsource":"CERT-VN","url":"http://www.kb.cert.org/vuls/id/866305"},{"name":"TA07-128A","refsource":"CERT","url":"http://www.us-cert.gov/cas/techalerts/TA07-128A.html"},{"name":"oval:org.mitre.oval:def:1670","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1670"},{"name":"25185","refsource":"SECUNIA","url":"http://secunia.com/advisories/25185"},{"name":"ms-capicom-code-execution(32739)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/32739"},{"name":"1018016","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1018016"},{"name":"MS07-028","refsource":"MS","url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-028"},{"name":"34397","refsource":"OSVDB","url":"http://www.osvdb.org/34397"},{"name":"1018017","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1018017"},{"name":"23782","refsource":"BID","url":"http://www.securityfocus.com/bid/23782"}]}}}},"cveMetadata":{"assignerOrgId":"f38d906d-7342-40ea-92c1-6c4a2c6478c8","assignerShortName":"microsoft","cveId":"CVE-2007-0940","datePublished":"2007-05-08T23:00:00.000Z","dateReserved":"2007-02-14T00:00:00.000Z","dateUpdated":"2024-08-07T12:34:21.308Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2007-05-08 23:19:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:biztalk_server:2004:sp1:*:*:*:*:*:*","matchCriteriaId":"B5E766FA-F599-48D5-ADAE-088BE7C0FFBD"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:biztalk_server:2004:sp2:*:*:*:*:*:*","matchCriteriaId":"F2103A42-0F12-40CD-BAF1-B4ABFF6227A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:capicom:*:*:*:*:*:*:*:*","matchCriteriaId":"6259FF00-5D83-4B82-AB57-CA8CA8BA25D5"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"940","Ordinal":"1","Title":"CVE-2007-0940","CVE":"CVE-2007-0940","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"940","Ordinal":"1","NoteData":"Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the \"CAPICOM.Certificates Vulnerability.\"","Type":"Description","Title":"CVE-2007-0940"},{"CveYear":"2007","CveId":"940","Ordinal":"2","NoteData":"2007-05-08","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"940","Ordinal":"3","NoteData":"2018-10-16","Type":"Other","Title":"Modified"}]}}}