Active Directory Services
by Microsoft
CVEs (38)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-5112 | | | 0.05 | — | 0.20 | | Nov 17, 2008 | The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a… |
| CVE-2013-3868 | | | 0.03 | — | 0.38 | | Sep 11, 2013 | Microsoft Active Directory Lightweight Directory Service (AD LDS) on Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows 8 and Active Directory Services on Windows Server 2008 SP2 and R2 SP1 and Server 2012 allow remote attackers to cause a denial… |
| CVE-2009-1139 | | | 0.03 | — | 0.39 | | Jun 10, 2009 | Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service… |
| CVE-2009-1138 | | | 0.03 | — | 0.39 | | Jun 10, 2009 | The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to… |
| CVE-2008-4023 | | | 0.03 | — | 0.39 | | Oct 15, 2008 | Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka "Active Directory Overflow Vulnerability." |
| CVE-2007-0040 | | | 0.03 | — | 0.39 | | Jul 10, 2007 | The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an… |
| CVE-2007-3028 | | | 0.03 | — | 0.40 | | Jul 10, 2007 | The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client… |
| CVE-2013-1282 | | | 0.02 | — | 0.27 | | Apr 9, 2013 | The LDAP service in Microsoft Active Directory, Active Directory Application Mode (ADAM), Active Directory Lightweight Directory Service (AD LDS), and Active Directory Services allows remote attackers to cause a denial of service (memory consumption and service outage) via a… |
| CVE-2011-0040 | | | 0.02 | — | 0.23 | | Feb 9, 2011 | The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers… |
| CVE-2009-1928 | | | 0.02 | — | 0.30 | | Nov 11, 2009 | Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2; Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2; and Active Directory Lightweight… |
| CVE-2008-1445 | | | 0.02 | — | 0.27 | | Jun 12, 2008 | Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request. |
| CVE-2008-0088 | | | 0.02 | — | 0.29 | | Feb 12, 2008 | Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request. |
| CVE-2003-0507 | | | 0.02 | — | 0.27 | | Aug 7, 2003 | Stack-based buffer overflow in Active Directory in Windows 2000 before SP4 allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via an LDAP version 3 search request with a large number of (1) "AND," (2) "OR," and possibly other… |
| CVE-2025-29968 | | | 0.01 | — | 0.02 | | May 13, 2025 | Improper input validation in Active Directory Certificate Services (AD CS) allows an authorized attacker to deny service over a network. |
| CVE-2025-21351 | | | 0.01 | — | 0.02 | | Feb 11, 2025 | Windows Active Directory Domain Services API Denial of Service Vulnerability |
| CVE-2015-2535 | | | 0.01 | — | 0.12 | | Sep 9, 2015 | Active Directory in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (service outage) by creating multiple machine accounts, aka "Active Directory Denial of Service Vulnerability." |
| CVE-2011-2014 | | | 0.01 | — | 0.11 | | Nov 8, 2011 | The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2,… |
| CVE-2025-27740 | | | 0.00 | — | 0.03 | | Apr 8, 2025 | Weak authentication in Windows Active Directory Certificate Services allows an authorized attacker to elevate privileges over a network. |