Microsoft Active Directory Invalid Free and Memory Leak Vulnerabilities (10 June 2009)
RISK: Medium Risk
1. Active Directory Invalid Free Vulnerability
A remote code execution vulnerability exists in implementations of Active Directory on Microsoft Windows 2000 Server. The vulnerability is due to incorrect freeing of memory when processing specially crafted LDAP or LDAPS requests. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
2. Active Directory Memory Leak Vulnerability
A denial of service vulnerability exists in implementations of Active Directory on Microsoft Windows 2000 Server and Windows Server 2003. The vulnerability also exists in implementations of Active Directory Application Mode (ADAM) when installed on Windows XP Professional and Windows Server 2003. The vulnerability is due to improper memory management during execution of certain types of LDAP or LDAPS requests. An attacker who successfully exploited this vulnerability could cause the affected server to stop responding.
Impact
- Denial of Service
- Remote Code Execution
System / Technologies affected
- Microsoft Windows 2000
- Windows XP
- Windows Server 2003
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
Download locations for this patch
- Microsoft Windows 2000 Server Service Pack 4
  - Active Directory
- Windows XP Professional Service Pack 2 and Windows XP Professional Service Pack 3
  - Active Directory Application Mode (ADAM)
- Windows XP Professional x64 Edition Service Pack 2
  - Active Directory Application Mode (ADAM)
- Windows Server 2003 Service Pack 2
  - Active Directory
  - Active Directory Application Mode (ADAM)
- Windows Server 2003 x64 Edition Service Pack 2
  - Active Directory
  - Active Directory Application Mode (ADAM)
- Windows Server 2003 with SP2 for Itanium-based Systems
  - Active Directory
Vulnerability Identifier
Source
Related Link