PT-2010-2546 · Microsoft · Windows Server 2008+7

Published 2010-09-15 · Updated 2024-10-17 · CVE-2010-0820

CVSS v2.0 9.0 High

Vector AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2008 Gold, SP2, and R2
Microsoft Windows XP SP2 and SP3
Microsoft Windows Vista SP2
Microsoft Windows 7
Active Directory Application Mode (ADAM) in Windows XP SP2 and SP3 and Windows Server 2003 SP2
Active Directory Lightweight Directory Service (AD LDS) in Windows Vista SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7

Description

The issue is a heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS) as used in Active Directory, allowing remote authenticated users to execute arbitrary code via malformed LDAP messages.

Recommendations

For Microsoft Windows Server 2003 SP2, update to a newer version to mitigate the risk.
For Microsoft Windows Server 2008 Gold, SP2, and R2, update to a newer version to mitigate the risk.
For Microsoft Windows XP SP2 and SP3, update to a newer version to mitigate the risk.
For Microsoft Windows Vista SP2, update to a newer version to mitigate the risk.
For Microsoft Windows 7, update to a newer version to mitigate the risk.
For Active Directory Application Mode (ADAM) in Windows XP SP2 and SP3 and Windows Server 2003 SP2, update to a newer version to mitigate the risk.
For Active Directory Lightweight Directory Service (AD LDS) in Windows Vista SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, update to a newer version to mitigate the risk.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2010-0820

Affected Products

Active Directory Application Mode
Active Directory Lightweight Directory Service
Local Security Authority Subsystem Service
Windows 7
Windows Server 2003
Windows Server 2008
Windows Vista
Windows XP