MS Windows License Logging Server Remote Code Execution Vulnerability (974783) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS09-064.

Impact

Successful exploitation will allow remote attackers to crash an affected Service or execute arbitrary code on the victim's system. Impact Level: System/Aplication.

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms09-064.mspx

Insight

This issue is caused by a buffer overflow error in 'Llssrv.exe' when handling specially crafted RPC packets.

Affected

Microsoft Windows 2K Service Pack 4 and prior.

References

http://support.microsoft.com/kb/974783
http://www.microsoft.com/technet/security/bulletin/ms09-064.mspx
http://www.vupen.com/english/advisories/2009/3190

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-2523

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft DNS Resolution Remote Code Execution Vulnerability (2509553)
Microsoft .NET Common Language Runtime Code Execution Vulnerability (974378)
Microsoft Foundation Class (MFC) Library Remote Code Execution Vulnerability (2500212)
Certificate Validation Flaw Could Enable Identity Spoofing (Q328145)
.NET JIT Compiler Vulnerability

Take action and discover your vulnerabilities