{"vuid":"VU#130433","idnumber":"130433","name":"Microsoft License Logging Service buffer overflow","keywords":["MS05-010"],"overview":"A vulnerability in a component of some server versions of Microsoft Windows could allow a remote attacker to execute code on a vulnerable system.","clean_desc":"Microsoft's License Logging Service (LLS) assists in the management of licenses for some Microsoft server products. An error in the way that the LLS handles an unchecked buffer results in a vulnerability. An attacker with the ability to send a specially-crafted message to the LLS could exploit this vulnerability to execute code of their choosing or cause a denial of service. The specific nature of the message exploiting this vulnerability is not known. Microsoft reports that, for some affected versions of Windows, only authenticated users or programs on the local network can establish a connection to the LLS and exploit the vulnerability. These versions are Windows 2000 Server Service Pack 4\nWindows Server 2003\nWindows Small Business Server 2003 and Small Business Server 2000 running on Windows 2000 Server Service Pack 4 For other affected versions of Windows, any unauthenticated remote attacker may be able to connect to the LLS and exploit the vulnerability. Microsoft also notes that LLS is disabled by default in Windows Server 2003 and will not be included in future versions of the Windows operating system.","impact":"On affected versions of Windows NT and Windows 2000 Server, a remote attacker may be able to execute arbitrary code with Local System privileges on a vulnerable system. Microsoft reports that exploitation of this vulnerability on Windows Server 2003 systems causes the License Logging Service to crash, resulting in a denial of service on that platform.","resolution":"Apply a patch Microsoft has published Microsoft Security Bulletin MS05-010 in response to this issue. Users are strongly encouraged to review this advisory and apply the patches it refers to.","workarounds":"Workarounds Microsoft Security Bulletin MS05-010 also contains a number of workarounds for this issue. Users, particularly those who are affected but unable to apply the patches, are encouraged to implement these workarounds.","sysaffected":"","thanks":"Thanks to Microsoft Security for reporting this vulnerability. Microsoft, in turn, thanks Kostya Kortchinsky of \nCERT RENATER\n for reporting this issue.","author":"This document was written by Chad R Dougherty based upon information provided by Microsoft.","public":["h","t","t","p",":","/","/","w","w","w",".","m","i","c","r","o","s","o","f","t",".","c","o","m","/","t","e","c","h","n","e","t","/","s","e","c","u","r","i","t","y","/","b","u","l","l","e","t","i","n","/","m","s","0","5","-","0","1","0",".","m","s","p","x"],"cveids":["CVE-2005-0050"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-02-08T18:50:30Z","publicdate":"2005-02-08T00:00:00Z","datefirstpublished":"2005-02-08T22:06:47Z","dateupdated":"2005-02-08T22:31:35Z","revision":8,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"10","cam_impact":"19","cam_easeofexploitation":"8","cam_attackeraccessrequired":"15","cam_scorecurrent":"10.6875","cam_scorecurrentwidelyknown":"12.825","cam_scorecurrentwidelyknownexploited":"21.375","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":10.6875,"vulnote":null}