iPolicy Networks Security Advisory
 

Microsoft Windows License Logging Server Heap Overflow Vulnerability

Date Discovered: 11/10/2009
Severity: High
Operating Systems Affected: Microsoft Windows 2000 Server SP4
Type: Remote
Identifiers: CVE-2009-2523
Synopsis
Microsoft Windows License Logging Server is prone to a heap overflow vulnerability. This vulnerability exists in the way that the Microsoft License Logging Server software handles specially crafted RPC packets.
Recommended Actions
Apply the patches as directed by the vendor at:
http://www.microsoft.com/technet/security/bulletin/ms09-064.mspx
Threat Analysis
The License Logging service fails to validate the length of a string passed to it through an RPC call. This results in a buffer overflow on the heap.

Exploiting the vulnerability does not require authentication: an attacker can exploit it by sending a specially crafted network message to a computer running the License Logging service.

An attacker who successfully exploited this vulnerability could take complete control of an affected system.
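The missing length validation described above, shown as an added example that is a simplified model of the bug class and not code from the License Logging service or from Microsoft. The function names, the `NAME_CAP` size and the message layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define NAME_CAP 64  /* hypothetical size of the service's heap buffer */

/* Unsafe pattern: trusts the sender's string to fit, so a longer one
 * is written past the end of the heap allocation. For contrast only. */
char *store_name_unchecked(const char *wire)
{
    char *buf = malloc(NAME_CAP);
    if (buf != NULL)
        strcpy(buf, wire);              /* no length check */
    return buf;
}

/* Hardened pattern: the string length is derived from the bytes that
 * were actually received and bounded by the destination capacity. */
char *store_name_checked(const char *wire, size_t wire_len)
{
    if (wire == NULL || wire_len == 0)
        return NULL;

    /* Search for the terminator only inside the received bytes. */
    const char *nul = memchr(wire, '\0', wire_len);
    if (nul == NULL)
        return NULL;                    /* unterminated: reject */

    size_t len = (size_t)(nul - wire);
    if (len >= NAME_CAP)
        return NULL;                    /* too long: reject, do not truncate */

    char *buf = malloc(NAME_CAP);
    if (buf == NULL)
        return NULL;
    memcpy(buf, wire, len + 1);         /* includes the terminator */
    return buf;
}
```

Rejecting an oversized or unterminated string, rather than truncating it, keeps the failure visible to the caller and to logging.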
References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2523

Write-up by: Aditya Chaturvedi