• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Windows Active Directory LDAP Request Handling Remote Code Execution Vulnerability

Microsoft Windows Active Directory is prone to a remote code-execution vulnerability that arises because the application fails to handle specially crafted LDAP or LDAP over SSL (LDAPS) requests in a proper manner.

Successfully exploiting this issue would allow an attacker to execute arbitrary code and gain complete access to a vulnerable computer. The attacker may also be able to cause the affected system to stop responding to further requests and restart.

This issue affects only Windows 2000 servers configured as Active Directory domain controllers.