Detections
Analytics

CVE-2008-4023

critical

Description

Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka "Active Directory Overflow Vulnerability."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6107

https://exchange.xforce.ibmcloud.com/vulnerabilities/45585

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-060

http://www.vupen.com/english/advisories/2008/2811

http://www.us-cert.gov/cas/techalerts/TA08-288A.html

http://www.securitytracker.com/id?1021042

http://www.securityfocus.com/bid/31609

http://secunia.com/advisories/32242

http://marc.info/?l=bugtraq&m=122479227205998&w=2

Details

Source: Mitre, NVD

Published: 2008-10-15

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical