Signature Detail

MS-RPC: License Logging Server Remote Code Execution

This signature detects attempts to exploit a known vulnerability against Microsoft License Logging Server. A successful attack allows remote code execution on the server resulting in the attacker taking over complete control of the system.

Extended Description

The Microsoft Windows License Logging Server is prone to a remote heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial-of-service condition.

Affected Products

• Microsoft Windows 2000 Advanced Server SP1
• Microsoft Windows 2000 Advanced Server SP2
• Microsoft Windows 2000 Advanced Server SP3
• Microsoft Windows 2000 Advanced Server SP4
• Microsoft Windows 2000 Advanced Server
• Microsoft Windows 2000 Datacenter Server SP1
• Microsoft Windows 2000 Datacenter Server SP2
• Microsoft Windows 2000 Datacenter Server SP3
• Microsoft Windows 2000 Datacenter Server SP4
• Microsoft Windows 2000 Datacenter Server
• Microsoft Windows 2000 Server SP1
• Microsoft Windows 2000 Server SP2
• Microsoft Windows 2000 Server SP3
• Microsoft Windows 2000 Server SP4
• Nortel Networks Contact Center Express
• Nortel Networks Contact Center - TAPI Server
• Nortel Networks Enterprise VoIP TM-CS1000

References

• BugTraq: 36921
• CVE: CVE-2009-2523