Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-1138

The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.

Published

2009-06-10T18:00:00.377

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 10.0 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-399

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	microsoft	windows_2000	*	Yes

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=804 ([email protected])
http://osvdb.org/54937 ([email protected])
http://secunia.com/advisories/35355 Vendor Advisory ([email protected])
http://support.avaya.com/elmodocs2/security/ASA-2009-214.htm ([email protected])
http://www.securityfocus.com/bid/35226 Patch ([email protected])
http://www.securitytracker.com/id?1022349 ([email protected])
http://www.us-cert.gov/cas/techalerts/TA09-160A.html US Government Resource ([email protected])
http://www.vupen.com/english/advisories/2009/1537 Patch, Vendor Advisory ([email protected])
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-018 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6180 ([email protected])
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=804 (af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/54937 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/35355 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://support.avaya.com/elmodocs2/security/ASA-2009-214.htm (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/35226 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1022349 (af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/cas/techalerts/TA09-160A.html US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/1537 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-018 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6180 (af854a3a-2127-422b-91ae-364da2661108)