MS09-064: Vulnerability in the License Logging Service (974783) (uncredentialed check)

Critical Nessus Plugin ID 42443


Arbitrary code can be executed on the remote host.


The remote version of Windows contains a flaw in the Logging Service that may allow an attacker to execute arbitrary code on the remote host.

To exploit this flaw, an attacker would need to send a malformed packet to the remote logging service and would be able to either execute arbitrary code on the remote host or perform a denial of service.


Microsoft has released a set of patches for Windows 2000.

See Also

Plugin Details

Severity: Critical

ID: 42443

File Name: smb_kb974783.nasl

Version: $Revision: 1.15 $

Type: local

Agent: windows

Family: Windows

Published: 2009/11/10

Modified: 2017/08/30

Dependencies: 13855

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/Registry/Enumerated, Host/OS/smb

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/11/10

Vulnerability Publication Date: 2009/11/10

Exploitable With

Core Impact

Reference Information

CVE: CVE-2009-2523

BID: 36921

OSVDB: 59855

MSFT: MS09-064

MSKB: 974783

CWE: 119