Microsoft Windows Active Directory array overflow - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Microsoft Windows Active Directory array overflow
updated since 10.07.2007
Published: 11.07.2007
Source: MICROSOFT
SecurityVulns ID: 7910
Type: remote
Level: 7/10
Description: Array index overflow on LDAP request parsing.

Affected: MICROSOFT : Windows 2000 Server
MICROSOFT : Windows 2003 Server
CVE: CVE-2007-3028 (The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.)
CVE-2007-0040 (The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes.")

Original document NGSSoftware Insight Security Research Advisory (NISR), Low Risk Vulnerability in Active Directory (11.07.2007)

MICROSOFT, Microsoft Security Bulletin MS07-039 - Critical Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122) (10.07.2007)

Files: Microsoft Security Bulletin MS07-039 - Critical Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122)
Discuss: Read or add your comments to this news (0 comments)