CVE-2009-1138

Name of the Vulnerable Software and Affected Versions Microsoft Windows 2000 SP4

Description The issue is related to the LDAP service in Active Directory, which does not properly free memory for LDAP and LDAPS requests. This allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released. The problem is associated with a "DN AttributeValue" and is probably a memory leak.

Recommendations For Microsoft Windows 2000 SP4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.