Technical Information

Brief overview of the risk:
A remote code execution vulnerability exists in the Message Queuing Service due to a specific flaw in the parsing of an RPC request to the Message Queuing service.
Detailed Information on the risk:
An attacker could exploit the vulnerability by sending a specially crafted RPC request. A heap request can be controlled and later overflowed during an unchecked string copy operation. Successful exploitation of this issue could lead to full access to the affected system under the SYSTEM context. An attacker who successfully exploited this vulnerability could take complete control of an affected system. Further information on this exploit is available at : MS08-065