ID CVE-2008-4023
Summary Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka "Active Directory Overflow Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 12-10-2018 - 21:48)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2008-11-24T04:00:22.138-05:00
class vulnerability
contributors
name Sudhir Gandhe
organization Secure Elements, Inc.
definition_extensions
comment Microsoft Windows 2000 SP4 or later is installed
oval oval:org.mitre.oval:def:229
description Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka "Active Directory Overflow Vulnerability."
family windows
id oval:org.mitre.oval:def:6107
status accepted
submitted 2008-10-14T13:33:00
title Active Directory Overflow Vulnerability
version 66
refmap via4
bid 31609
cert TA08-288A
hp
  • HPSBST02379
  • SSRT080143
ms MS08-060
sectrack 1021042
secunia 32242
vupen ADV-2008-2811
xf win-active-directory-ldap-bo(45585)
Last major update 12-10-2018 - 21:48
Published 15-10-2008 - 00:12
Back to Top