PCWorks: Windows License Logging Service Buffer Overflow (WinNT4 and 2000 & 2003 Server only)

Tue, 08 Feb 2005 22:38:01 -0800 

For WinNT4, and 2000 & 2003 Server only.
----------------------------------


TITLE:
Microsoft Windows License Logging Service Buffer Overflow

SECUNIA ADVISORY ID:
SA14192

VERIFY ADVISORY:
http://secunia.com/advisories/14192/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
>From local network

OPERATING SYSTEM:
Microsoft Windows Server 2003 Web Edition
http://secunia.com/product/1176/
Microsoft Windows Server 2003 Standard Edition
http://secunia.com/product/1173/
Microsoft Windows Server 2003 Enterprise Edition
http://secunia.com/product/1174/
Microsoft Windows Server 2003 Datacenter Edition
http://secunia.com/product/1175/
Microsoft Windows NT 4.0 Server, Terminal Server Edition
http://secunia.com/product/19/
Microsoft Windows NT 4.0 Server
http://secunia.com/product/18/
Microsoft Windows 2000 Server
http://secunia.com/product/20/

DESCRIPTION:
Kostya Kortchinsky has reported a vulnerability in some
versions of
Microsoft Windows, which can be exploited by malicious people
to
compromise a vulnerable system.

The vulnerability is caused due to a boundary error in the
License
Logging service and can be exploited to cause a buffer overflow
via a
specially crafted message.

Successful exploitation allows execution of arbitrary code.

SOLUTION:
Apply patches.

Microsoft Windows NT Server 4.0 (requires Service Pack 6a)
http://www.microsoft.com/downloads/details.aspx?FamilyId=817FDC2D-AEE2-4FAF-908B-197B65A471F2

Microsoft Windows NT Server 4.0 TSE (requires Service Pack 6):
http://www.microsoft.com/downloads/details.aspx?FamilyId=F7B0934C-3049-4B01-956A-B116F69A667E

Microsoft Windows 2000 Server (requires Service Pack 3 or
Service
Pack 4):
http://www.microsoft.com/downloads/details.aspx?FamilyId=E9983AA2-2CEC-4B62-80D6-8E966A83A5D1

Microsoft Windows Server 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=06EAF8E3-CCB7-482B-8B68-340521150113

Microsoft Windows Server 2003 for Itanium-based systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=EC25EC00-9C08-4555-94C7-21D5A521FDB6

ORIGINAL ADVISORY:
MS05-010 (KB885834):
http://www.microsoft.com/technet/security/bulletin/ms05-010.mspx
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/rules.htm
Contact list owner <[EMAIL PROTECTED]>
Unsubscribing and other changes: http://pcworkers.com
=====================================================

Reply via email to