Vulnerability Note VU#348953

Microsoft Windows Active Directory fails to properly validate client sent LDAP requests

Original Release date: 11 Jul 2007 | Last revised: 11 Jul 2007


Microsoft Windows Active Directory fails to properly validate client-sent LDAP requests and may result in a denial of service condition.


Microsoft Windows Active Directory contains a vulnerability in the way that the LDAP service validates the number of convertible attributes in the client-sent request. By sending a specially crafted LDAP request to a server running Active Directory, an attacker may be able to cause the server to stop responding.


A remote attacker may be able to cause a denial of service condition.


Apply an Update

Microsoft has released updates in Microsoft Security Bulletin MS07-039 to address this issue.


Microsoft suggests blocking port 389/tcp and port 3268/tcp at the firewall to prevent exploitation of this vulnerability. Please see Microsoft Security Bulletin MS07-039 for further information.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Microsoft CorporationAffected-10 Jul 2007
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



This vulnerability was reported in Microsoft Security Bulletin MS07-039. Microsoft credits Peter Winter-Smith of NGSSoftware for reporting the vulnerability to them.

This document was written by Katie Steiner.

Other Information

  • CVE IDs: CVE-2007-3028
  • Date Public: 10 Jul 2007
  • Date First Published: 11 Jul 2007
  • Date Last Updated: 11 Jul 2007
  • Severity Metric: 0.39
  • Document Revision: 7


If you have feedback, comments, or additional information about this vulnerability, please send us email.