A vulnerability in the way Microsoft Content Managment Server handles HTTP requests may lead to execution of arbitrary code.
Microsoft Content Managment Server (CMS) contains a vulnerability that could be exploited when it attempts to process specially crafted HTTP requests. According to Microsoft Security Bulletin MS07-018:
A remote code execution vulnerability results from the way that the Microsoft Content Management Server handles unexpected characters in an HTTP request.
A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial-of-service condition.
Update
Microsoft has released an update to address this issue. See Microsoft Security Bulletin MS07-018 for more details.
434137
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: April 17, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Refer to Microsoft Security Bulletin MS07-018.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23434137 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This vulnerability was reported in Microsoft Security Bulletin MS07-018.
This document was written by Chris Taschner.
CVE IDs: | CVE-2007-0938 |
---|---|
Severity Metric: | 42.53 Date Public: |