Active Directory Invalid Free Vulnerability - MS09-018
|ID: oval:org.secpod.oval:def:2611||Date: (C)2011-10-27 (M)2018-04-05|
|Class: PATCH||Family: windows|
The host is missing critical security update according to Microsoft security bulletin, MS09-018. The update is required to fix remote code execution vulnerability. A flaw is present in LDAP service in Active Directory, which does not properly free memory and allow memory leak for LDAP and LDAPS requests, which results in consumption of memory or remote arbitrary code execution. Successful exploitation could result in a denial of service condition.
|Microsoft Windows XP|
|Microsoft Windows 2000|
|Microsoft Windows Server 2003|
|Active Directory Application Mode|