CVE-2009-2523

The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability."
Configurations

Configuration 1 (hide)

cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*

History

09 Feb 2024, 00:24

Type Values Removed Values Added
CWE CWE-119 CWE-787
CWE-125
References (CERT) http://www.us-cert.gov/cas/techalerts/TA09-314A.html - US Government Resource (CERT) http://www.us-cert.gov/cas/techalerts/TA09-314A.html - Third Party Advisory, US Government Resource
References (MS) https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-064 - (MS) https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-064 - Mitigation, Patch, Vendor Advisory
References (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6300 - (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6300 - Broken Link

Information

Published : 2009-11-11 19:30

Updated : 2024-02-28 11:21


NVD link : CVE-2009-2523

Mitre link : CVE-2009-2523

CVE.ORG link : CVE-2009-2523


JSON object : View

Products Affected

microsoft

  • windows_2000
CWE
CWE-125

Out-of-bounds Read

CWE-787

Out-of-bounds Write