Vulnerability Name:

CVE-2007-2374 (CCN-34444)

Assigned:2007-03-27
Published:2007-03-27
Updated:2019-04-30
Summary:Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.
Note: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
CVSS v3 Severity:9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.5 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
6.1 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2007-2374

Source: OSVDB
Type: UNKNOWN
35637

Source: CCN
Type: EEYEB-20070327
A flaw exists within Windows which allows for remote execution of arbitrary code with minimal user interaction.

Source: MISC
Type: UNKNOWN
http://research.eeye.com/html/advisories/upcoming/20070327.html

Source: CCN
Type: Microsoft Windows Web site
Microsoft Corporation

Source: CCN
Type: OSVDB ID: 35637
Microsoft Windows Unspecified Remote Code Execution

Source: BID
Type: UNKNOWN
23332

Source: CCN
Type: BID-23332
Microsoft Windows Unspecified Remote Code Execution Vulnerability

Source: XF
Type: UNKNOWN
win-unspecified-code-execution(34444)

Source: XF
Type: UNKNOWN
win-unspecified-code-execution(34444)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:sp1:itanium:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:datacenter:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise:*:itanium:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise:itanium_sp1_beta_1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise:sp1_beta_1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:itanium:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:standard:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:standard:sp1_beta_1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:web:sp1_beta_1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:gold:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:64-bit_2003:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:embedded:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:professional:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:professional:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • AND
  • cpe:/a:avaya:media_server:*:*:*:*:*:*:*:*
  • OR cpe:/h:avaya:definity_one_media_server:*:*:*:*:*:*:*:*
  • OR cpe:/h:avaya:s3400:*:*:*:*:*:*:*:*
  • OR cpe:/h:avaya:s8100:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:xp:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    microsoft windows 2000 *
    microsoft windows 2000 * sp1
    microsoft windows 2000 * sp2
    microsoft windows 2000 * sp3
    microsoft windows 2000 * sp4
    microsoft windows 2003 server * sp1
    microsoft windows 2003 server datacenter
    microsoft windows 2003 server enterprise
    microsoft windows 2003 server enterprise
    microsoft windows 2003 server enterprise
    microsoft windows 2003 server enterprise itanium_sp1_beta_1
    microsoft windows 2003 server enterprise sp1
    microsoft windows 2003 server enterprise sp1_beta_1
    microsoft windows 2003 server itanium
    microsoft windows 2003 server standard
    microsoft windows 2003 server standard
    microsoft windows 2003 server standard sp1
    microsoft windows 2003 server standard sp1_beta_1
    microsoft windows 2003 server web
    microsoft windows 2003 server web sp1
    microsoft windows 2003 server web sp1_beta_1
    microsoft windows xp * gold
    microsoft windows xp * sp1
    microsoft windows xp * sp1
    microsoft windows xp * sp1
    microsoft windows xp * sp1
    microsoft windows xp * sp1
    microsoft windows xp * sp1
    microsoft windows xp * sp2
    microsoft windows xp * sp2
    microsoft windows xp * sp2
    microsoft windows xp * sp2
    microsoft windows 2000 *
    avaya media server *
    avaya definity one media server *
    avaya s3400 *
    avaya s8100 *
    microsoft windows 2000 *
    microsoft windows xp
    microsoft windows 2003 server *