[Forgot Password]
Login  Register Subscribe

24003

 
 

131425

 
 

104705

 
 

909

 
 

84100

 
 

133

Paid content will be excluded from the download.


Download | Alert*
OVAL

Active Directory Invalid Free Vulnerability - MS09-018

ID: oval:org.secpod.oval:def:2611Date: (C)2011-10-27   (M)2018-04-05
Class: PATCHFamily: windows




The host is missing critical security update according to Microsoft security bulletin, MS09-018. The update is required to fix remote code execution vulnerability. A flaw is present in LDAP service in Active Directory, which does not properly free memory and allow memory leak for LDAP and LDAPS requests, which results in consumption of memory or remote arbitrary code execution. Successful exploitation could result in a denial of service condition.

Platform:
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows Server 2003
Product:
Active Directory
Active Directory Application Mode
Reference:
MS09-018
CVE-2009-1138
CVE-2009-1139
CVE    2
CVE-2009-1138
CVE-2009-1139
CPE    9
cpe:/o:microsoft:windows_2000::sp4:server
cpe:/o:microsoft:windows_2000::sp4
cpe:/o:microsoft:windows_xp::sp3:x86
cpe:/o:microsoft:windows_xp::sp2:x86
...
XCCDF    4
xccdf_com.secpod_benchmark_microsoft-windows-2000
xccdf_com.secpod_benchmark_microsoft-windows-server-2003
xccdf_com.secpod_benchmark_microsoft-windows-xp
xccdf_scaprepo.com_benchmark_microsoft-windows-server-2003
...

© 2013 SecPod Technologies