Signature Detail

SMB: License Logging Service Vulnerability

This signature detects attempts to exploit a known vulnerability in the License Logging service. Attackers, sending a malformed network message, can gain complete control allowing them to remotely execute arbitrary code on the target system.

Extended Description

A buffer overflow exists in the Microsoft Windows License Logging Service. This could allow remote execution of arbitrary code.

Affected Products

• Microsoft Small Business Server 2000
• Microsoft Small Business Server 2003
• Microsoft Windows 2000 Advanced Server SP1
• Microsoft Windows 2000 Advanced Server SP2
• Microsoft Windows 2000 Advanced Server SP3
• Microsoft Windows 2000 Advanced Server SP4
• Microsoft Windows 2000 Advanced Server
• Microsoft Windows 2000 Datacenter Server SP1
• Microsoft Windows 2000 Datacenter Server SP2
• Microsoft Windows 2000 Datacenter Server SP3
• Microsoft Windows 2000 Datacenter Server SP4
• Microsoft Windows 2000 Datacenter Server
• Microsoft Windows 2000 Server SP1
• Microsoft Windows 2000 Server SP2
• Microsoft Windows 2000 Server SP3
• Microsoft Windows 2000 Server SP4
• Microsoft Windows 2000 Server
• Microsoft Windows NT Enterprise Server 4.0
• Microsoft Windows NT Enterprise Server 4.0 SP1
• Microsoft Windows NT Enterprise Server 4.0 SP2
• Microsoft Windows NT Enterprise Server 4.0 SP3
• Microsoft Windows NT Enterprise Server 4.0 SP4
• Microsoft Windows NT Enterprise Server 4.0 SP5
• Microsoft Windows NT Enterprise Server 4.0 SP6
• Microsoft Windows NT Enterprise Server 4.0 SP6a
• Microsoft Windows NT Server 4.0
• Microsoft Windows NT Server 4.0 SP1
• Microsoft Windows NT Server 4.0 SP2
• Microsoft Windows NT Server 4.0 SP3
• Microsoft Windows NT Server 4.0 SP4
• Microsoft Windows NT Server 4.0 SP5
• Microsoft Windows NT Server 4.0 SP6
• Microsoft Windows NT Server 4.0 SP6a
• Microsoft Windows NT Terminal Server 4.0
• Microsoft Windows NT Terminal Server 4.0 SP1
• Microsoft Windows NT Terminal Server 4.0 SP2
• Microsoft Windows NT Terminal Server 4.0 SP3
• Microsoft Windows NT Terminal Server 4.0 SP4
• Microsoft Windows NT Terminal Server 4.0 SP5
• Microsoft Windows NT Terminal Server 4.0 SP6
• Microsoft Windows NT Terminal Server 4.0 SP6a
• Microsoft Windows Server 2003 Datacenter Edition
• Microsoft Windows Server 2003 Datacenter Edition Itanium
• Microsoft Windows Server 2003 Enterprise Edition
• Microsoft Windows Server 2003 Enterprise Edition Itanium
• Microsoft Windows Server 2003 Standard Edition
• Microsoft Windows Server 2003 Web Edition
• Nortel Networks IP softphone 2050
• Nortel Networks Mobile Voice Client 2050
• Nortel Networks Optivity Telephony Manager (OTM)
• Nortel Networks Symposium Agent
• Nortel Networks Symposium Agent Greeting
• Nortel Networks Symposium Express Call Center (SECC)
• Nortel Networks Symposium Network Control Center (NCC)
• Nortel Networks Symposium TAPI Service Provider
• Nortel Networks Symposium Web Center Portal (SWCP)
• Nortel Networks Symposium Web Client

References

• BugTraq: 12481
• CVE: CVE-2005-0050
• URL: http://www.microsoft.com/technet/security/Bulletin/MS05-010.mspx
• URL: http://www.kb.cert.org/vuls/id/130433