SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Directory)  >   Microsoft Active Directory Vendors:   Microsoft
Microsoft Active Directory Memory Access Error Lets Remote Authenticated Users Execute Arbitrary Code
SecurityTracker Alert ID:  1026412
SecurityTracker URL:  http://securitytracker.com/id/1026412
CVE Reference:   CVE-2011-3406   (Links to External Site)
Date:  Dec 13 2011
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Microsoft Active Directory. A remote authenticated user can execute arbitrary code on the target system.

A remote authenticated user can run a specially crafted application to trigger a memory access error and execute arbitrary code on the target system. The code will run with the privileges of the Network Service.

Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) is affected.

Impact:   A remote authenticated user can execute arbitrary code on the target system with the privileges of the Network Service.
Solution:   The vendor has issued the following fixes:

Active Directory Application Mode (ADAM):

http://www.microsoft.com/downloads/details.aspx?familyid=3b816964-d3c3-4f05-94c3-f54a6f54ca73

Active Directory Application Mode (ADAM):

http://www.microsoft.com/downloads/details.aspx?familyid=986f0087-c674-4060-8710-af3496adbfdd

Active Directory:

http://www.microsoft.com/downloads/details.aspx?familyid=01caf06f-777d-4ea8-95ca-e11d60a973ad

Active Directory:

http://www.microsoft.com/downloads/details.aspx?familyid=e1ba50cf-fc6b-4668-b71c-e9f75a8ac638

Active Directory:

http://www.microsoft.com/downloads/details.aspx?familyid=74099261-60ad-4c68-906c-60e131818955

Active Directory Lightweight Directory Service (AD LDS):

http://www.microsoft.com/downloads/details.aspx?familyid=470da512-2c8b-4ba9-b7bb-b9e6c45cd33f

Active Directory Lightweight Directory Service (AD LDS):

http://www.microsoft.com/downloads/details.aspx?familyid=8daf9a49-60cb-4813-ac7a-e9a4bf296889

Active Directory and Active Directory Lightweight Directory Service (AD LDS):

http://www.microsoft.com/downloads/details.aspx?familyid=6f9ddcdb-a471-4e00-a697-92a24e4ea8d4

Active Directory and Active Directory Lightweight Directory Service (AD LDS):

http://www.microsoft.com/downloads/details.aspx?familyid=5253477b-422f-404a-941e-8b69da5a2670

Active Directory Lightweight Directory Service (AD LDS):

http://www.microsoft.com/downloads/details.aspx?familyid=d2e87199-6469-4bc0-a721-f43e817e4344

Active Directory Lightweight Directory Service (AD LDS):

http://www.microsoft.com/downloads/details.aspx?familyid=ba8d7aa9-8299-49a3-b0c0-b8b5eab48434

Active Directory and Active Directory Lightweight Directory Service (AD LDS):

http://www.microsoft.com/downloads/details.aspx?familyid=a3e0d27c-8b29-4981-bdef-bcd037fd3408

A restart is required.

The Microsoft advisory is available at:

http://technet.microsoft.com/en-us/security/bulletin/ms11-095

Vendor URL:  technet.microsoft.com/en-us/security/bulletin/ms11-095 (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (2003), Windows (2008), Windows (7), Windows (Vista), Windows (XP)
Underlying OS Comments:  XP SP3, 2003 SP2, 2008 R2 SP1, Vista SP2, 7 SP1, 2008 SP2; and prior service packs

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC