CVE-2017-0166Incorrect Calculation of Buffer Size in Corporation Ldap

CWE-131Incorrect Calculation of Buffer Size5 documents4 sources
Severity
8.1HIGHNVD
EPSS
1.5%
top 18.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
18
Microsoft Corporation LdapMicrosoft Windows 10Microsoft Windows Server 2008+15 more
Timeline
PublishedApr 12
Latest updateMay 13

Description

An elevation of privilege vulnerability exists in Windows when LDAP request buffer lengths are improperly calculated. In a remote attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to send malicious traffic to a Domain Controller, aka "LDAP Elevation of Privilege Vulnerability."

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages17 packages

CVEListV5microsoft_corporation/ldapWindows

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

1
GHSA
GHSA-39cj-3mcf-vq77: An elevation of privilege vulnerability exists in Windows when LDAP request buffer lengths are improperly calculated2022-05-13

📋Vendor Advisories

1
Microsoft
LDAP Elevation of Privilege Vulnerability2017-04-11

🕵️Threat Intelligence

2
Talos
Microsoft Patch Tuesday - April 20172017-04-12
Talos
Microsoft Patch Tuesday - April 20172017-04-12