CVE-2009-2523
Published: 2009-11-11
Priority: P3 55
Severity: critical, 10 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 26.46% (97.8th percentile)
The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability."
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
CWE-122: Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Availability. Impact: DoS: Crash, Exit, or Restart, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory). Buffer overflows generally lead to crashes. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop.
Scope: Integrity, Confidentiality, Availability, Access Control. Impact: Execute Unauthorized Code or Commands, Bypass Protection Mechanism, Modify Memory. Buffer overflows often can be used to e
CWE-126: Buffer Over-read
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Confidentiality. Impact: Read Memory.
Scope: Confidentiality. Impact: Bypass Protection Mechanism. By reading out-of-bounds memory, an attacker might be able to get secret values, such as memory addresses, which can bypass protection mechanisms such as ASLR in order to improve the reliability and likelihood of exploiting a separate weakness to achieve code execution instead of just denial of service.
Scope: Availability, Integrity. Impact: DoS: Crash, Exit, or Restart. An attacker might be able to cause a crash or other denial of service by c
CWE-170: Improper Null Termination
The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator.
Null termination errors frequently occur in two different ways. An off-by-one error could cause a null to be written out of bounds, leading to an overflow. Or, a program could use a strncpy() function call incorrectly, which prevents a null terminator from being added at all. Other scenarios are possible.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Confidentiality, Integrity, Availability. Impact: Read Memory, Execute Unauthorized Code or Commands. The case of an omitted null character is the most dangerous of the possible issues. This will almost certainly result in information disclosure, and possibl
CWE-125: Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Confidentiality. Impact: Read Memory. An attacker could get secret values such as cryptographic keys, PII, memory addresses, or other information that could be used in additional attacks.
Scope: Confidentiality. Impact: Bypass Protection Mechanism. Out-of-bounds memory could contain memory addresses or other information that can be used to bypass ASLR and other protection mechanisms in order to improve the reliability of exploiting a separate weakness for code execution.
Scope: Availability. Impact: DoS: Crash, Exit, or Restart. An attacker could cause a segmentation fault or crash by causing memory to
http://www.us-cert.gov/cas/techalerts/TA09-314A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-064
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6300