MS08-035: Vulnerability in Active Directory Could Allow Denial of Service (953235)

High Nessus Plugin ID 33138


It is possible to crash Active Directory on the remote host.


The remote version of Active Directory contains a denial of service vulnerability when processing LDAP requests. An attacker can exploit this flaw to crash the remote Active Directory server.


Microsoft has released a set of patches for Windows 2000, Windows XP, Windows 2003, and 2008.

See Also

Plugin Details

Severity: High

ID: 33138

File Name: smb_nt_ms08-035.nasl

Version: $Revision: 1.28 $

Type: local

Agent: windows

Published: 2008/06/12

Modified: 2017/08/10

Dependencies: 13855, 57033

Risk Information

Risk Factor: High


Base Score: 7.8

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2008/06/10

Vulnerability Publication Date: 2008/06/10

Reference Information

CVE: CVE-2008-1445

BID: 29584

OSVDB: 46066

MSFT: MS08-035

MSKB: 949014, 949269

IAVA: 2008-A-0041

CWE: 20