ID |
CVE-2009-2523
|
Summary |
The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability." |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 10.0 (as of 09-02-2024 - 00:24) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-787 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
COMPLETE |
COMPLETE |
COMPLETE |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
msbulletin
via4
|
bulletin_id | MS09-064 | bulletin_url | | date | 2009-11-10T00:00:00 | impact | Remote Code Execution | knowledgebase_id | 974783 | knowledgebase_url | | severity | Critical | title | Vulnerability in License Logging Server Could Allow Remote Code Execution |
|
oval
via4
|
accepted | 2009-12-28T04:00:26.884-05:00 | class | vulnerability | contributors | name | Dragos Prisaca | organization | Gideon Technologies, Inc. |
name | Dragos Prisaca | organization | Gideon Technologies, Inc. |
| definition_extensions | comment | Microsoft Windows 2000 SP4 or later is installed | oval | oval:org.mitre.oval:def:229 |
| description | The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability." | family | windows | id | oval:org.mitre.oval:def:6300 | status | accepted | submitted | 2009-11-10T13:00:00 | title | License Logging Server Heap Overflow Vulnerability | version | 73 |
|
refmap
via4
|
|
Last major update |
09-02-2024 - 00:24 |
Published |
11-11-2009 - 19:30 |
Last modified |
09-02-2024 - 00:24 |