CVE-2009-1139

Name of the Vulnerable Software and Affected Versions Active Directory versions on Microsoft Windows 2000 SP4 Active Directory versions on Server 2003 SP2 Active Directory Application Mode (ADAM) versions on Windows XP SP2 Active Directory Application Mode (ADAM) versions on Windows XP SP3 Active Directory Application Mode (ADAM) versions on Server 2003 SP2

Description A memory leak issue in the LDAP service allows remote attackers to cause a denial of service, resulting in memory consumption and service outage. This can be achieved via LDAP or LDAPS requests with unspecified OID filters.

Recommendations For Active Directory on Microsoft Windows 2000 SP4, update to a newer version to mitigate the risk. For Active Directory on Server 2003 SP2, update to a newer version to mitigate the risk. For Active Directory Application Mode (ADAM) on Windows XP SP2, update to a newer version to mitigate the risk. For Active Directory Application Mode (ADAM) on Windows XP SP3, update to a newer version to mitigate the risk. For Active Directory Application Mode (ADAM) on Server 2003 SP2, update to a newer version to mitigate the risk.