Oval Definition:oval:org.mitre.oval:def:6253
Revision Date:2014-04-07Version:49
Title:Active Directory Memory Leak Vulnerability
Description:Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2009-1139
Platform(s):Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows XP
Product(s):
Definition Synopsis
  • AND
  • Microsoft Windows 2000 SP4 or later is installed
  • AND NTDS Service is installed
  • AND Ntdsa.dll version is less than 5.0.2195.7292
  • AND the system is being used as AD - DomainRole is 4 or 5
  • OR
  • Microsoft Windows Server 2003 SP2 (x86) is installed
  • OR Microsoft Windows Server 2003 SP2 (x64) is installed
  • AND Active Directory or ADAM
  • NTDS Service is installed
  • AND the system is being used as AD - DomainRole is 4 or 5
  • AND ntdsa.dll version is less than 5.2.3790.4501
  • Check if ADAM service is installed
  • AND adamdsa.dll version is less than 1.1.3790.4503
  • OR
  • Microsoft Windows XP (x86) SP2 is installed
  • OR Microsoft Windows XP (x86) SP3 is installed
  • AND Check if ADAM service is installed
  • AND adamdsa.dll version is less than 1.1.3790.4501
  • OR
  • Microsoft Windows XP x64 Edition SP2 is installed
  • AND Check if ADAM service is installed
  • AND adamdsa.dll version is less than 1.1.3790.4503
    • BACK