N/A

Stack-based buffer overflow in Active Directory in Windows 2000 before SP4 allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via an LDAP version 3 search request with a large number of (1) "AND," (2) "OR," and possibly other statements, which causes LSASS.EXE to crash.

N/A

N/A

Microsoft Windows Active目录远程堆栈溢出漏洞

Windows活动目录(Active Directory)是Windows 2000结构的重要组件，是一款Microsoft公开提供的强大的目录服务系统。 Windows活动目录的LDAP 3搜索请求功能对用户提交请求缺少正确缓冲区边界检查，远程攻击者可以利用这个漏洞使Lsass.exe服务崩溃，触发缓冲区溢出。 通过活动目录提供的目录服务基于LDAP协议和并使用协议存储和获得Active目录对象。活动目录中使用LDAP 3的'search request'请求功能存在问题，攻击者如果构建超过1000个"

N/A

N/A