این آسیب پذیری باعث ایجاد پردازش های ناشناخته درLightweight Directory Access Protocol را تحت می شود. ایجاد تغییرات در این ساختار منجر به استفاده از حافظه پس از آزادسازی آن می شود. حمله ممکن است از راه دور آغاز شود. affected from 10.0.0 before 10.0.20348.2908 affected from 10.0.0 before 10.0.26100.2528 affected from 10.0.0 before 10.0.26100.2528 affected from 10.0.0 before 10.0.26100.2528 بطور عمومی هیچ اکسپلویتی برای این آسیب پذیری در دسترس نیست. احتمال اکسپلویت از طریق این آسیب پذیری کم است زیرا به دلیل پیچیدگی بالا در اکسپلویت مورد نظر جهت نفوذ نیاز به زمانبندی خاصی دارد. لیست بروزرسانی محصولات برای رفع آسیب پذیری موردنظر به شرح زیر است: Windows Server 2012 R2 6.1.7601.27467 6.1.7601.27467 6.0.6003.23016 6.0.6003.23016 6.0.6003.23016 6.0.6003.23016 Windows Server 2016 10.0.26100.2528 10.0.26100.2528 10.0.26100.2528 10.0.26100.2528 Windows 11 Version 22H2 for ARM64-based Systems 10.0.20348.2908 10.0.20348.2908 با توجه به آسیب پذیری موجود می توان آن را در دسته CWE-416 قرار داد. ارجاع دادن به حافظه پس از آزاد شدن می تواند باعث از کار افتادن برنامه، استفاده از مقادیر غیرمنتظره و یا اجرای کد شود. سواستفاده از این آسیب پذیری می تواند بر محرمانگی، یکپارچگی و در دسترس بودن تأثیر بگذارد. احتمال اکسپلویت از این آسیب پذیری در 30 روز آینده 0.04% است. با توجه به این که میزان خطر این آسیب پذیری 8.1 بیان شده و میزان ریسک بالایی را در سیستم ایجاد می کند لذا برای جلوگیری از نفوذ مهاجمان بهتر است همواره از اخرین بروزرسانی های بیان شده استفاده کنید.
چکیده
لیست محصولات آسیب پذیر
Product
Platforms
Versions
Windows 10 Version 1809
32-bit Systems, x64-based Systems
affected from 10.0.0 before 10.0.17763.6659
Windows Server 2019
x64-based Systems
affected from 10.0.0 before 10.0.17763.6659
Windows Server 2019 (Server Core installation)
x64-based Systems
affected from 10.0.0 before 10.0.17763.6659
Windows Server 2022
x64-based Systems
affected from 10.0.0 before 10.0.20348.2966
Windows 10 Version 21H2
32-bit Systems, ARM64-based Systems, x64-based Systems
affected from 10.0.0 before 10.0.19044.5247
Windows 11 version 22H2
ARM64-based Systems, x64-based Systems
affected from 10.0.0 before 10.0.22621.4602
Windows 10 Version 22H2
x64-based Systems, ARM64-based Systems, 32-bit Systems
affected from 10.0.0 before 10.0.19045.5247
Windows Server 2025 (Server Core installation)
x64-based Systems
affected from 10.0.0 before 10.0.26100.2605
Windows 11 version 22H3
ARM64-based Systems
affected from 10.0.0 before 10.0.22631.4602
Windows 11 Version 23H2
x64-based Systems
affected from 10.0.0 before 10.0.22631.4602
Windows Server 2022, 23H2 Edition (Server Core installation)
x64-based Systems
affected from 10.0.0 before 10.0.25398.1308
Windows 11 Version 24H2
ARM64-based Systems, x64-based Systems
affected from 10.0.0 before 10.0.26100.2605
Windows Server 2025
x64-based Systems
affected from 10.0.0 before 10.0.26100.2605
Windows 10 Version 1507
32-bit Systems, x64-based Systems
affected from 10.0.0 before 10.0.10240.20857
Windows 10 Version 1607
32-bit Systems, x64-based Systems
affected from 10.0.0 before 10.0.14393.7606
Windows Server 2016
x64-based Systems
affected from 10.0.0 before 10.0.14393.7606
Windows Server 2016 (Server Core installation)
x64-based Systems
affected from 10.0.0 before 10.0.14393.7606
Windows Server 2008 Service Pack 2
32-bit Systems
affected from 6.0.0 before 6.0.6003.23016
Windows Server 2008 Service Pack 2 (Server Core installation)
32-bit Systems, x64-based Systems
affected from 6.0.0 before 6.0.6003.23016
Windows Server 2008 Service Pack 2
x64-based Systems
affected from 6.0.0 before 6.0.6003.23016
Windows Server 2008 R2 Service Pack 1
x64-based Systems
affected from 6.1.0 before 6.1.7601.27467
Windows Server 2008 R2 Service Pack 1 (Server Core installation)
x64-based Systems
affected from 6.0.0 before 6.1.7601.27467
Windows Server 2012
x64-based Systems
affected from 6.2.0 before 6.2.9200.25222
Windows Server 2012 (Server Core installation)
x64-based Systems
affected from 6.2.0 before 6.2.9200.25222
Windows Server 2012 R2
x64-based Systems
affected from 6.3.0 before 6.3.9600.22318
Windows Server 2012 R2 (Server Core installation)
x64-based Systems
affected from 6.3.0 before 6.3.9600.22318
Product
Impact
Max Severity
Build Number
Windows Server 2012 R2 (Server Core installation)
Remote Code Execution
Critical
6.3.9600.22318
Remote Code Execution
Critical
6.3.9600.22318
Windows Server 2012 (Server Core installation)
Remote Code Execution
Critical
6.2.9200.25222
Windows Server 2012
Remote Code Execution
Critical
6.2.9200.25222
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Remote Code Execution
Critical
6.1.7601.27467
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Remote Code Execution
Critical
6.1.7601.27467
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Remote Code Execution
Critical
6.0.6003.23016
Windows Server 2008 for x64-based Systems Service Pack 2
Remote Code Execution
Critical
6.0.6003.23016
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Remote Code Execution
Critical
6.0.6003.23016
Windows Server 2008 for 32-bit Systems Service Pack 2
Remote Code Execution
Critical
6.0.6003.23016
Windows Server 2016 (Server Core installation)
Remote Code Execution
Critical
10.0.14393.7606
Remote Code Execution
Critical
10.0.14393.7606
Windows 10 Version 1607 for x64-based Systems
Remote Code Execution
Critical
10.0.14393.7606
Windows 10 Version 1607 for 32-bit Systems
Remote Code Execution
Critical
10.0.14393.7606
Windows 10 for x64-based Systems
Remote Code Execution
Critical
10.0.10240.20857
Windows 10 for 32-bit Systems
Remote Code Execution
Critical
10.0.10240.20857
Windows Server 2025
Remote Code Execution
Critical
10.0.26100.2605
Windows 11 Version 24H2 for x64-based Systems
Remote Code Execution
Critical
10.0.26100.2605
Windows 11 Version 24H2 for ARM64-based Systems
Remote Code Execution
Critical
10.0.26100.2605
Windows Server 2022, 23H2 Edition (Server Core installation)
Remote Code Execution
Critical
10.0.25398.1308
Windows 11 Version 23H2 for x64-based Systems
Remote Code Execution
Critical
10.0.22631.4602
Windows 11 Version 23H2 for ARM64-based Systems
Remote Code Execution
Critical
10.0.22631.4602
Windows Server 2025 (Server Core installation)
Remote Code Execution
Critical
10.0.26100.2605
Windows 10 Version 22H2 for 32-bit Systems
Remote Code Execution
Critical
10.0.19045.5247
Windows 10 Version 22H2 for ARM64-based Systems
Remote Code Execution
Critical
10.0.19045.5247
Windows 10 Version 22H2 for x64-based Systems
Remote Code Execution
Critical
10.0.19045.5247
Windows 11 Version 22H2 for x64-based Systems
Remote Code Execution
Critical
10.0.22621.4602
Remote Code Execution
Critical
10.0.22621.4602
Windows 10 Version 21H2 for x64-based Systems
Remote Code Execution
Critical
10.0.19044.5247
Windows 10 Version 21H2 for ARM64-based Systems
Remote Code Execution
Critical
10.0.19044.5247
Windows 10 Version 21H2 for 32-bit Systems
Remote Code Execution
Critical
10.0.19044.5247
Windows Server 2022 (Server Core installation)
Remote Code Execution
Critical
10.0.20348.2966
Windows Server 2022
Remote Code Execution
Critical
10.0.20348.2966
Windows Server 2019 (Server Core installation)
Remote Code Execution
Critical
10.0.17763.6659
Windows Server 2019
Remote Code Execution
Critical
10.0.17763.6659
Windows 10 Version 1809 for x64-based Systems
Remote Code Execution
Critical
10.0.17763.6659
Windows 10 Version 1809 for 32-bit Systems
Remote Code Execution
Critical
10.0.17763.6659
توضیحات
CVSS
Score
Severity
Version
Vector String
8.1
HIGH
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
نتیجه گیری
منابع
آسیب پذیری اجرای کد از راه دور توسط Lightweight Directory Access Protocolدر ویندوز (LDAP)
2
