• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Windows Active Directory LDAP Request Validation Remote Denial Of Service Vulnerability

Microsoft Windows is prone to a remote denial-of-service vulnerability because Microsoft Active Directory, ADAM (Active Directory Application Mode), and AD LDS (Active Directory Lightweight Directory Service) fail to handle specially crafted Lightweight Directory Access Protocol (LDAP) requests.

An attacker can exploit this issue by sending a specially crafted LDAP request to the affected computer. This would cause the affected system to temporarily stop responding to LDAP requests, thus denying further service to legitimate users.

Note that the attacker requires valid logon credentials to exploit this issue on Windows Server 2003 and on any system that has ADAM installed.

This issue affects these components:

- Active Directory on Microsoft Windows 2000, Windows Server 2003, and Windows Server 2008
- ADAM on Windows XP Professional and Windows Server 2003
- AD LDS on Windows Server 2008

Supported editions of Windows Server 2008 are not affected if installed using the Server Core installation option.