VUPEN Security - Microsoft Windows 2000 Active Directory Vulnerability (MS08-060) / Exploit (Security Advisories)

	Contact \| Site en Français

Vulnerabilities & Threats

VUPEN Security Advisories

Linux Security Advisories

Malware Advisories

Zero-Day Monitor

Search Engine

>> Microsoft Windows 2000 Active Directory Vulnerability (MS08-060)

Title : Microsoft Windows 2000 Active Directory Vulnerability (MS08-060)
Advisory ID : VUPEN/ADV-2008-2811
CVE ID : CVE-2008-4023
CWE ID : CWE-119
Rated as : Critical

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2008-10-14

Advisory Details

Description

Affected Products

Solution

References

A fully functional exploit or PoC has been developed by VUPEN Security and is available through the VUPEN Security Exploits & PoCs Service.

Technical Description

Receive VUPEN Security alerts in a Text format

Receive VUPEN Security alerts in a PDF format

Receive VUPEN Security alerts in an XML format

Receive VUPEN Security notifications by SMS

A vulnerability has been identified in Microsoft Windows 2000, which could be exploited by remote attackers to take complete control of an affected system. This issue is caused by a buffer overflow error in the LDAP service when processing specially crafted LDAP (port 389/TCP) or LDAPS (port 636/TCP) requests, which could be exploited by remote attackers to compromise a vulnerable Domain Controller via a malicious packet.

Credits

Vulnerability reported by Paul Miseiko (nCircle).

ChangeLog

2008-10-14 : Initial release

Vulnerability Management

Subscribe to VUPEN Security VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@vupen.com.