Back to search
CVE-2009-1138
Published: Jun 10, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
35226
vdb-entry
x_refsource_BID
20090611 Microsoft Active Directory Hexdecimal DN AttributeValue Invalid Free Vulnerability
third-party-advisory
x_refsource_IDEFENSE
oval:org.mitre.oval:def:6180
vdb-entry
signature
x_refsource_OVAL
MS09-018
vendor-advisory
x_refsource_MS
http://support.avaya.com/elmodocs2/security/ASA-2009-214.htm
x_refsource_CONFIRM
1022349
vdb-entry
x_refsource_SECTRACK
ADV-2009-1537
vdb-entry
x_refsource_VUPEN
TA09-160A
third-party-advisory
x_refsource_CERT
35355
third-party-advisory
x_refsource_SECUNIA
54937
vdb-entry
x_refsource_OSVDB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now