CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
EPSS: 0.816 High (Percentile: 98.4%)
Microsoft Windows Active Directory fails to properly validate client-sent LDAP requests, which may result in a denial of service condition.
Microsoft Windows Active Directory contains a vulnerability in the way that the LDAP service validates the number of convertible attributes in the client-sent request. By sending a specially crafted LDAP request to a server running Active Directory, an attacker may be able to cause the server to stop responding.
A remote attacker may be able to cause a denial of service condition.
Apply an Update
Microsoft has released updates in Microsoft Security Bulletin MS07-039 to address this issue.
Workaround
Microsoft suggests blocking port 389/tcp and port 3268/tcp at the firewall to prevent exploitation of this vulnerability. Please see Microsoft Security Bulletin MS07-039 for further information.
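A firewall deny for these ports only helps if no earlier rule already admits the traffic. The following added example (not part of the original advisory or the Microsoft bulletin) audits an ordered, first-match rule list for that shadowing problem. The rule format, addresses and both rule sets are constructed, and the rule that keeps internal clients able to reach the directory is an assumption about the environment.

```python
# Added example: check that the workaround deny for 389/tcp and 3268/tcp is
# actually effective in an ordered, first-match perimeter rule list.
# Rule format, addresses and rule sets are constructed for illustration.
from ipaddress import ip_address, ip_network

WORKAROUND_PORTS = (389, 3268)  # ports named in the workaround above

def first_match(rules, src, dst, port):
    """Return the action of the first rule matching a TCP flow (default deny)."""
    for action, src_net, dst_net, ports in rules:
        if (ip_address(src) in ip_network(src_net)
                and ip_address(dst) in ip_network(dst_net)
                and (ports == "any" or port in ports)):
            return action
    return "deny"

def exposed_ports(rules, untrusted_src, dc_addr):
    """Workaround ports an untrusted source can still reach on the DC."""
    return [p for p in WORKAROUND_PORTS
            if first_match(rules, untrusted_src, dc_addr, p) == "allow"]

DC = "10.0.0.10"          # constructed domain controller address
PARTNER = "198.51.100.7"  # constructed untrusted source (documentation range)
INSIDE = "10.0.5.20"      # constructed internal client

# Weak: the deny was appended, but a broad partner allow above it matches first.
BEFORE = [
    ("allow", "198.51.100.0/24", "10.0.0.0/24", "any"),
    ("deny", "0.0.0.0/0", "10.0.0.10/32", WORKAROUND_PORTS),
]

# Corrected: internal clients are allowed explicitly (assumption), then the
# workaround deny is evaluated before any broad allow.
AFTER = [
    ("allow", "10.0.0.0/8", "10.0.0.10/32", WORKAROUND_PORTS),
    ("deny", "0.0.0.0/0", "10.0.0.10/32", WORKAROUND_PORTS),
    ("allow", "198.51.100.0/24", "10.0.0.0/24", "any"),
]

if __name__ == "__main__":
    print("before:", exposed_ports(BEFORE, PARTNER, DC))
    print("after: ", exposed_ports(AFTER, PARTNER, DC))
    print("internal client to 389:", first_match(AFTER, INSIDE, DC, 389))
```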
VU#348953
Updated: July 10, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Microsoft has published Microsoft Security Bulletin MS07-039 in response to this issue. Users are encouraged to review this bulletin and apply the referenced patches.
<http://www.microsoft.com/technet/security/bulletin/ms07-039.mspx>
This vulnerability was reported in Microsoft Security Bulletin MS07-039. Microsoft credits Peter Winter-Smith of NGSSoftware for reporting the vulnerability to them.
This document was written by Katie Steiner.
CVE IDs: CVE-2007-3028
Severity Metric: 0.39
Date Public: