The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.
References
Configurations
Information
Published : 2009-06-10 11:00
Updated : 2019-04-30 07:27
NVD link : CVE-2009-1138
Mitre link : CVE-2009-1138
JSON object : View
CWE
CWE-399
Resource Management Errors
Products Affected
microsoft
- windows_2000