MS09-018: Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)

critical Nessus Plugin ID 39340

Synopsis

Arbitrary code can be executed on the remote host through Microsoft Active Directory.

Description

The version of Microsoft Active Directory / Active Directory Application Mode installed on the remote host is affected by one or both of the following vulnerabilities :

- A flaw involving the way memory is freed when handling specially crafted LDAP or LDAPS requests allows a remote attacker to execute arbitrary code on the remote host with administrator privileges. Note that this is only known to affect Active Directory on Microsoft Windows 2000 Server Service Pack 4. (CVE-2009-1138)

- Improper memory management during execution of certain types of LDAP or LDAPS requests may cause the affected product to stop responding. (CVE-2009-1139)

Solution

Microsoft has released a set of patches for Windows 2000, Windows XP and, Windows 2003.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2009/ms09-018

Plugin Details

Severity: Critical

ID: 39340

File Name: smb_nt_ms09-018.nasl

Version: 1.27

Type: local

Agent: windows

Published: 6/10/2009

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 6/9/2009

Vulnerability Publication Date: 6/9/2009

Reference Information

CVE: CVE-2009-1138, CVE-2009-1139

BID: 35226, 35225

CWE: 399

MSFT: MS09-018

MSKB: 969805, 970437