CVE-2005-0050

CWE-20 — Improper Input Validation3 documents3 sources

Severity

10.0CRITICAL

EPSS

55.5%

top 1.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 2003 Server Microsoft Windows NT

Timeline

PublishedMay 2

Latest updateMay 1

Description

The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, which leads to an "unchecked buffer" and allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, aka the "License Logging Service Vulnerability."

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDmicrosoft/windows_2003_server7 versions+6

▶NVDmicrosoft/windows_nt4.0

Patches

Patch: www.kb.cert.org ↗Patch: www.us-cert.gov ↗Patch: www.kb.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-xh84-5f5q-96wv: The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, whi↗2022-05-01

▶

CVEList

CVE-2005-0050: The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, whi↗2005-02-08

▶