Unrated severityNVD Advisory· Published May 8, 2007· Updated Apr 23, 2026

CVE-2007-0940

Description

Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."

Affected products

Microsoft/Biztalk Server2 versions
cpe:2.3:a:microsoft:biztalk_server:2004:sp1:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:biztalk_server:2004:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:biztalk_server:2004:sp2:*:*:*:*:*:*
Microsoft/Capicom
cpe:2.3:a:microsoft:capicom:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.kb.cert.org/vuls/id/866305nvdUS Government Resource
www.us-cert.gov/cas/techalerts/TA07-128A.htmlnvdUS Government Resource
secunia.com/advisories/25185nvd
www.osvdb.org/34397nvd
www.securityfocus.com/archive/1/468871/100/200/threadednvd
www.securityfocus.com/bid/23782nvd
www.securitytracker.com/idnvd
www.securitytracker.com/idnvd
www.vupen.com/english/advisories/2007/1713nvd
docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-028nvd
exchange.xforce.ibmcloud.com/vulnerabilities/32739nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1670nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.060
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000