CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS07-065 | Vulnerability in Message Queuing Could Allow Remote Code Execution (937894) | Microsoft Windows | Critical | 12-12-2007 |
Technical Information
Brief overview of the risk:
A remote code execution vulnerability exists in the Message Queuing Service when it incorrectly validates input strings before passing the strings to a buffer.
Detailed Information on the risk:
An attacker could exploit the vulnerability by constructing a specially crafted MSMQ message that could allow remote code execution in a remote attack scenario on Microsoft Windows 2000 Server and a local elevation of privilege in a local scenario on Microsoft Windows 2000 Professional and Windows XP. An attacker who successfully exploited this vulnerability could take complete control of an affected system.Further information on this exploit is available at : MS07-065
Affected Software
Microsoft Windows 2000 Professional SP4Microsoft Windows 2000 Server Service Pack 4
Microsoft Windows XP Service Pack 2