2 matches found
CVE-2008-4037
CVE-2008-4037 describes a remote code-execution condition in various Windows platforms where SMB servers can replay NTLM credentials to a client, enabling arbitrary code execution (SMB Credential Reflection). The issue, demonstrated by backrush, is part of the SMB relay/credential reflection fami...
CVE-2008-5112
The CVE describes an LDAP authentication behavior in Microsoft Windows 2000 SP4 and Server 2003 SP1/SP2, where the Active Directory LDAP server responds differently to failed binds based on whether the user exists and is allowed to login. This enables remote attackers to enumerate valid usernames...