Microsoft Knowledge Base Article 885834 is not installed
| win-ms05kb885834-update (19102) |  Medium Risk |
Description:
Microsoft Knowledge Base Article 885834 is not installed, which could allow a remote attacker to exploit the following vulnerability:
Microsoft Windows NT Server 4.0, Windows 2000 Server and Windows Server 2003 could allow a remote attacker to execute arbitrary code on the system, caused by improper bounds checking in the License Logging service. The License Logging service is a tool for managing Server Client Access Licenses (CAL). A remote attacker could exploit this vulnerability to execute arbitrary code on the system.
Note: By default, in Windows Server 2003, the License Logging service is disabled.
Consequences:
Gain Access
Remedy:
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS05-010. See References.
References:
- CIAC Information Bulletin P-132: Microsoft Vulnerability in the License Logging Service.
- IBM Internet Security Systems X-Force Database: Microsoft Windows Servers License Logging service code execution.
- Internet Security Systems Protection Alert February 8, 2005: Multiple Vulnerabilities in Microsoft Products - February 2005.
- Microsoft Security Bulletin MS05-010: Vulnerability in the License Logging Service Could Allow Code Execution (885834).
- CVE-2005-0050: The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, which leads to an unchecked buffer and allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, aka the License Logging Service Vulnerability.
Platforms Affected:
- Microsoft Windows 2000 SP3 Server
- Microsoft Windows 2000 SP4 Server
- Microsoft Windows 2003 Server Itanium
- Microsoft Windows 2003 Server
- Microsoft Windows NT 4.0 SP6 Terminal Server
- Microsoft Windows NT 4.0 SP6a Server
Reported:
Feb 08, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net