CyberSec.Space Logo
Back to CVE Browser

CVE-2009-2523

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1830%
EPSS Percentile26.40th
PublishedNov 11, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability."

Affected Platforms (CPE)

πŸ’»
Microsoft

Windows 2000

All versions

References & Advisories

πŸ”— http://www.us-cert.gov/cas/techalerts/TA09-314A.html
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-064
πŸ”— https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6300
πŸ”— http://www.us-cert.gov/cas/techalerts/TA09-314A.html
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-064
πŸ”— https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6300

Related Vulnerabilities

CVE-2000-103410.0

Buffer overflow in the System Monitor ActiveX control in Windows 2000 allows remote attackers to execute arbitrary commands via a ...

CVE-2000-006110.0

Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document h...

CVE-2000-022210.0

The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote ...

CVE-2000-107110.0

The GUI installation for iCal 2.1 Patch 2 disables access control for the X server using an "xhost +" command, which allows remote...