Executive Summary
Summary | |
---|---|
Title | Vulnerability in License Logging Server Could Allow Remote Code Execution (974783) |
Informations | |||
---|---|---|---|
Name | MS09-064 | First vendor Publication | 2009-11-10 |
Vendor | Microsoft | Last vendor Modification | 2009-11-10 |
Severity (Vendor) | Critical | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.0 (November 10, 2009): Bulletin published.Summary: This security update resolves a privately reported vulnerability in Microsoft Windows 2000. The vulnerability could allow remote code execution if an attacker sent a specially crafted network message to a computer running the License Logging Server. An attacker who successfully exploited this vulnerability could take complete control of the system. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
50 % | CWE-125 | Out-of-bounds Read |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:6300 | |||
Oval ID: | oval:org.mitre.oval:def:6300 | ||
Title: | License Logging Server Heap Overflow Vulnerability | ||
Description: | The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2523 | Version: | 1 |
Platform(s): | Microsoft Windows 2000 | Product(s): | SMBv2 |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2009-11-11 | Name : MS Windows License Logging Server Remote Code Execution Vulnerability (974783) File : nvt/secpod_ms09-064.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
59855 | Microsoft Windows License Logging Server (llssrv.exe) RPC LlsrLicenseRequestW... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2009-11-12 | IAVM : 2009-A-0116 - Microsoft Windows License Logging Server Remote Heap Buffer Overflow Vulnerab... Severity : Category I - VMSKEY : V0021937 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt RuleID : 5485 - Revision : 15 - Type : OS-WINDOWS |
2014-01-10 | DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt RuleID : 16239 - Revision : 9 - Type : OS-WINDOWS |
2014-01-10 | DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt RuleID : 16238 - Revision : 10 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-11-10 | Name : Arbitrary code can be executed on the remote host. File : smb_kb974783.nasl - Type : ACT_GATHER_INFO |
2009-11-10 | Name : Arbitrary code can be executed on the remote host. File : smb_nt_ms09-064.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:46:23 |
|
2014-01-19 21:30:24 |
|
2013-11-11 12:41:14 |
|