MS-RPC: License Logging Server Remote Code Execution
This signature detects attempts to exploit a known vulnerability against Microsoft License Logging Server. A successful attack allows remote code execution on the server resulting in the attacker taking over complete control of the system.
Extended Description
The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability."
Affected Products
Microsoft windows_2000
Short Name
MS-RPC:LLSSRV-RCE
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
MS-RPC
Keywords
CVE-2009-2523 Code Execution License Logging Remote Server bid:36921
Release Date
11/10/2009
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3677
False Positive
Unknown
Vendors
Microsoft
CVSS Score
10.0