Tag
#Windows LDAP - Lightweight Directory Access Protocol
**Are there any special conditions necessary for this vulnerability to be exploitable?** Yes. This vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable. For more information, please see LDAP policies.
**Are there any special conditions necessary for this vulnerability to be exploitable?** Yes. This vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable. For more information, please see LDAP policies.
**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.
**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by convincing a user to connect a Lightweight Directory Access Protocol (LDAP) client to a malicious LDAP server. When the vulnerability is successfully exploited this could allow the malicious server to gain remote code execution within the LDAP client.
**How could an attacker exploit this vulnerability?** An authenticated attacker could send a specially crafted request to a vulnerable LDAP server. Successful exploitation could result in the attacker's code running in the context of the SYSTEM account.
**Are there any special conditions necessary for this vulnerability to be exploitable?** Yes. This vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable. For more information, please see LDAP policies.
**Are there any special conditions necessary for this vulnerability to be exploitable?** Yes. This vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable. For more information, please see LDAP policies.
**How could an attacker exploit this vulnerability?** This vulnerability could be exploited over the network by an authenticated normal user through a low complexity attack on a server configured as the domain controller.
**How could an attacker exploit this vulnerability?** This vulnerability could be exploited over the network by an authenticated normal user through a low complexity attack on a server configured as the domain controller.
**How could an attacker exploit this vulnerability?** An authenticated attacker could send a specially crafted request to a vulnerable LDAP server. Successful exploitation could result in the attacker's code running in the context of the SYSTEM account.