MSRPC LLSSRV Buffer Overflow exploit

This module exploits a .data-based buffer overflow in the function _RegistryInitValues@12 of LLSSRV.EXE (Microsoft's License and Logging Service), and uses it to force a stack-based buffer overflow in the function _LocalServiceListConcurrentLimitSet@0. The exploit doesn't use any hardcoded address; instead it uses DCE-RPC messages to place the agent (and other structures) in the memory of the target service, and then uses further DCE-RPC messages to learn the addresses of these structures. In default installations of Windows 2000 Service Pack 4 (Server and Advanced Server) the LlsSrv service requires authentication, and the same may also be true in non-default configurations. In these cases, a valid username and password (or username and hashes) combination is needed and should be entered in the Advanced parameters tab. This service is accessible via TCP ports 139 and 445.