Technical Information

Brief overview of the risk:
A remote code execution vulnerability exists in the Message Queuing Service when it incorrectly validates input strings before passing the strings to a buffer.
Detailed Information on the risk:
An attacker could exploit the vulnerability by constructing a specially crafted MSMQ message that could allow remote code execution in a remote attack scenario on Microsoft Windows 2000 Server and a local elevation of privilege in a local scenario on Microsoft Windows 2000 Professional and Windows XP. An attacker who successfully exploited this vulnerability could take complete control of an affected system.Further information on this exploit is available at : MS07-065