Reported February 8, 2005 by Microsoft

VERSIONS AFFECTED


  • Windows NT Server 4.0

  • Windows 2000 Server SP3 and SP4

  • Windows Server 2003

DESCRIPTION

A vulnerability exists in the License Logging service that could allow a remote intruder to execute code on a user's system. A successful exploit could allow the intruder to take complete control of the user's system.

VENDOR RESPONSE

Microsoft has released Security Bulletin MS05-010, "Vulnerability in the License Logging Service Could Allow Code Execution (885834)," and a patch to correct the problem.

CREDIT
Kostya Kortchinsky from CERT RENATER