Microsoft Active Directory Memory Access Error Lets Remote Authenticated Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1026412 |
|
SecurityTracker URL: http://securitytracker.com/id/1026412
|
|
CVE Reference:
CVE-2011-3406
(Links to External Site)
|
Date: Dec 13 2011
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
A vulnerability was reported in Microsoft Active Directory. A remote authenticated user can execute arbitrary code on the target system.
A remote authenticated user can run a specially crafted application to trigger a memory access error and execute arbitrary code on the target system. The code will run with the privileges of the Network Service.
Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) is affected.
|
Impact:
A remote authenticated user can execute arbitrary code on the target system with the privileges of the Network Service.
|
Solution:
The vendor has issued the following fixes:
Active Directory Application Mode (ADAM):
http://www.microsoft.com/downloads/details.aspx?familyid=3b816964-d3c3-4f05-94c3-f54a6f54ca73
Active Directory Application Mode (ADAM):
http://www.microsoft.com/downloads/details.aspx?familyid=986f0087-c674-4060-8710-af3496adbfdd
Active Directory:
http://www.microsoft.com/downloads/details.aspx?familyid=01caf06f-777d-4ea8-95ca-e11d60a973ad
Active Directory:
http://www.microsoft.com/downloads/details.aspx?familyid=e1ba50cf-fc6b-4668-b71c-e9f75a8ac638
Active Directory:
http://www.microsoft.com/downloads/details.aspx?familyid=74099261-60ad-4c68-906c-60e131818955
Active Directory Lightweight Directory Service (AD LDS):
http://www.microsoft.com/downloads/details.aspx?familyid=470da512-2c8b-4ba9-b7bb-b9e6c45cd33f
Active Directory Lightweight Directory Service (AD LDS):
http://www.microsoft.com/downloads/details.aspx?familyid=8daf9a49-60cb-4813-ac7a-e9a4bf296889
Active Directory and Active Directory Lightweight Directory Service (AD LDS):
http://www.microsoft.com/downloads/details.aspx?familyid=6f9ddcdb-a471-4e00-a697-92a24e4ea8d4
Active Directory and Active Directory Lightweight Directory Service (AD LDS):
http://www.microsoft.com/downloads/details.aspx?familyid=5253477b-422f-404a-941e-8b69da5a2670
Active Directory Lightweight Directory Service (AD LDS):
http://www.microsoft.com/downloads/details.aspx?familyid=d2e87199-6469-4bc0-a721-f43e817e4344
Active Directory Lightweight Directory Service (AD LDS):
http://www.microsoft.com/downloads/details.aspx?familyid=ba8d7aa9-8299-49a3-b0c0-b8b5eab48434
Active Directory and Active Directory Lightweight Directory Service (AD LDS):
http://www.microsoft.com/downloads/details.aspx?familyid=a3e0d27c-8b29-4981-bdef-bcd037fd3408
A restart is required.
The Microsoft advisory is available at:
http://technet.microsoft.com/en-us/security/bulletin/ms11-095
|
Vendor URL: technet.microsoft.com/en-us/security/bulletin/ms11-095 (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Windows (2003), Windows (2008), Windows (7), Windows (Vista), Windows (XP)
|
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
