CVE-2009-2523
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability."
El servidor de registro de licencias (llssrv. exe) en Microsoft Windows 2000 SP4 permite a los atacantes remotos ejecutar código arbitrario a través de un mensaje RPC que contiene una cadena sin null terminator, que desencadena un desbordamiento de búfer basado en el montón en el método LlsrLicenseRequestW, también conocido como "vulnerabilidad de desbordamiento de montón de servidor de registro de licencias."
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-07-17 CVE Reserved
- 2009-11-11 CVE Published
- 2024-08-07 CVE Updated
- 2024-11-24 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
- CWE-787: Out-of-bounds Write
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://www.us-cert.gov/cas/techalerts/TA09-314A.html | Third Party Advisory | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6300 | Broken Link |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-064 | 2024-02-09 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp4 |
Affected
|