High severity8.8NVD Advisory· Published Dec 14, 2011· Updated Jun 16, 2026
CVE-2011-3406
CVE-2011-3406
Description
Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote authenticated users to execute arbitrary code via a crafted query that leverages incorrect memory initialization, aka "Active Directory Buffer Overflow Vulnerability."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
11- cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*+ 2 more
- cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
- Range: Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2/R2 SP1, 7 Gold/SP1
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.