New Search

LSASS Heap Overflow Vulnerability

oval:org.mitre.oval:def:7120

Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS) as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold SP2 and R2; Active Directory Application Mode (ADAM) in Windows XP SP2 and SP3 and Windows Server 2003 SP2; and Active Directory Lightweight Directory Service (AD LDS) in Windows Vista SP2 Windows Server 2008 Gold SP2 and R2 and Windows 7 allows remote authenticated users to execute arbitrary code via malformed LDAP messages aka "LSASS Heap Overflow Vulnerability."

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Vista
  • Microsoft Windows Server 2003
  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows XP
Class:
vulnerability
Reference(s):
  • CVE-2010-0820
Product(s):