ID CVE-2009-1138
Summary The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 30-04-2019 - 14:27)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector NETWORK
Complexity LOW
Authentication NONE
Impact
Confidentiality COMPLETE
Integrity COMPLETE
Availability COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
msbulletin via4
bulletin_id MS09-018
bulletin_url
date 2009-06-09T00:00:00
impact Remote Code Execution
knowledgebase_id 971055
knowledgebase_url
severity Critical
title Vulnerabilities in Active Directory Could Allow Remote Code Execution
oval via4
accepted 2009-07-21T07:46:01.806-04:00
class vulnerability
contributors
name Dragos Prisaca
organization Gideon Technologies, Inc.
definition_extensions
comment Microsoft Windows 2000 SP4 or later is installed
oval oval:org.mitre.oval:def:229
description The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.
family windows
id oval:org.mitre.oval:def:6180
status accepted
submitted 2009-06-09T14:00:00
title Active Directory Invalid Free Vulnerability
version 72
refmap via4
bid 35226
cert TA09-160A
confirm http://support.avaya.com/elmodocs2/security/ASA-2009-214.htm
idefense 20090611 Microsoft Active Directory Hexdecimal DN AttributeValue Invalid Free Vulnerability
osvdb 54937
sectrack 1022349
secunia 35355
vupen ADV-2009-1537
Last major update 30-04-2019 - 14:27
Published 10-06-2009 - 18:00
Last modified 30-04-2019 - 14:27