Release DateDec 31, 2011 |
Severitycritical |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attempt to exploit a Remote Code Execution vulnerability in Microsoft Windows Active Directory.The vulnerability is a result of the software's failure to handle specially crafted Lightweight Directory Access Protocol (LDAP) requests. A remote attacker can exploit this to execute arbitrary code with SYSTEM privileges. |
Affected ProductsMicrosoft Windows Server 2003 x64 SP2Microsoft Windows Server 2003 x64 SP1 Microsoft Windows Server 2003 Itanium SP2 Microsoft Windows Server 2003 Itanium SP1 Microsoft Windows Server 2003 Itanium 0 Microsoft Windows 2000 Server SP4 Microsoft Windows 2000 Server SP3 Microsoft Windows 2000 Server SP2 Microsoft Windows 2000 Server SP1 |
Recommended ActionsApply patch, available from the website:http://www.microsoft.com/technet/security/Bulletin/MS07-039.mspx |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2007-0040 |
Reference/shttp://technet.microsoft.com/en-us/security/bulletin/MS07-039.mspx (MS-ID)http://www.securityfocus.com/bid/24800 (BugTraq) http://www.frsirt.com/english/advisories/2007/2481 (FrSIRT) |
