MS07-039: Microsoft Windows Active Directory LDAP Service Remote Code Execution (926122)

Critical Nessus Plugin ID 25690


It is possible to execute code on the remote host.


The remote version of Active Directory contains a flaw in the LDAP request handler code that allows an attacker to execute code on the remote host.

On Windows 2000 an anonymous attacker can exploit this flaw by sending a specially crafted LDAP packet. On Windows 2003 valid credentials are needed to exploit it.

Additionally, the Active Directory is affected by a remote denial of service vulnerability.


Microsoft has released a set of patches for Windows 2000 and 2003.

See Also

Plugin Details

Severity: Critical

ID: 25690

File Name: smb_nt_ms07-039.nasl

Version: $Revision: 1.32 $

Type: local

Agent: windows

Published: 2007/07/10

Modified: 2017/08/10

Dependencies: 57033, 13855

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2007/07/10

Vulnerability Publication Date: 2007/07/10

Reference Information

CVE: CVE-2007-3028, CVE-2007-0040

BID: 24796, 24800

OSVDB: 35960, 35961

MSFT: MS07-039

MSKB: 926122

CERT: 348953, 487905