ID |
CVE-2009-1138
|
Summary |
The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 10.0 (as of 30-04-2019 - 14:27) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-399 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
COMPLETE |
COMPLETE |
COMPLETE |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
msbulletin
via4
|
bulletin_id | MS09-018 | bulletin_url | | date | 2009-06-09T00:00:00 | impact | Remote Code Execution | knowledgebase_id | 971055 | knowledgebase_url | | severity | Critical | title | Vulnerabilities in Active Directory Could Allow Remote Code Execution |
|
oval
via4
|
accepted | 2009-07-21T07:46:01.806-04:00 | class | vulnerability | contributors | name | Dragos Prisaca | organization | Gideon Technologies, Inc. |
| definition_extensions | comment | Microsoft Windows 2000 SP4 or later is installed | oval | oval:org.mitre.oval:def:229 |
| description | The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak. | family | windows | id | oval:org.mitre.oval:def:6180 | status | accepted | submitted | 2009-06-09T14:00:00 | title | Active Directory Invalid Free Vulnerability | version | 72 |
|
refmap
via4
|
|
Last major update |
30-04-2019 - 14:27 |
Published |
10-06-2009 - 18:00 |
Last modified |
30-04-2019 - 14:27 |