CyberSec.Space Logo
CVEブラウザに戻る

CVE-2009-2523

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1830%
EPSS Percentile26.40th
Published2009年11月11日
Last Modified2026年4月23日

Vulnerability Description

The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability."

Affected Platforms (CPE)

💻
Microsoft

Windows 2000

All versions

References & Advisories

🔗 http://www.us-cert.gov/cas/techalerts/TA09-314A.html
🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-064
🔗 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6300
🔗 http://www.us-cert.gov/cas/techalerts/TA09-314A.html
🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-064
🔗 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6300

関連する脆弱性情報

CVE-2000-103410.0

Buffer overflow in the System Monitor ActiveX control in Windows 2000 allows remote attackers to execute arbitrary commands via a ...

CVE-2000-006110.0

Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document h...

CVE-2000-022210.0

The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote ...

CVE-2000-107110.0

The GUI installation for iCal 2.1 Patch 2 disables access control for the X server using an "xhost +" command, which allows remote...