Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Windows Active Directory array overflow
updated since 10.07.2007
Published:11.07.2007
Source:
SecurityVulns ID:7910
Type:remote
Threat Level:
7/10
Description:Array index overflow on LDAP request parsing.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2003 Server
CVE:CVE-2007-3028 (The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.)
 CVE-2007-0040 (The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes.")
Original documentdocumentNGSSoftware Insight Security Research Advisory (NISR), Low Risk Vulnerability in Active Directory (11.07.2007)
 documentMICROSOFT, Microsoft Security Bulletin MS07-039 - Critical Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122) (10.07.2007)
Files:Microsoft Security Bulletin MS07-039 - Critical Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod