Detections
Analytics
CVE-2009-1138
critical
Description
The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6180
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-018
http://www.vupen.com/english/advisories/2009/1537
http://www.us-cert.gov/cas/techalerts/TA09-160A.html
http://www.securitytracker.com/id?1022349
http://www.securityfocus.com/bid/35226
http://support.avaya.com/elmodocs2/security/ASA-2009-214.htm
http://secunia.com/advisories/35355
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=804