<< Back
CVE Number Vulnerability Product Severity Date
MS07-065 Vulnerability in Message Queuing Could Allow Remote Code Execution (937894) Microsoft Windows Critical 12-12-2007

Technical Information

Brief overview of the risk:
A remote code execution vulnerability exists in the Message Queuing Service when it incorrectly validates input strings before passing the strings to a buffer.
Detailed Information on the risk:
An attacker could exploit the vulnerability by constructing a specially crafted MSMQ message that could allow remote code execution in a remote attack scenario on Microsoft Windows 2000 Server and a local elevation of privilege in a local scenario on Microsoft Windows 2000 Professional and Windows XP. An attacker who successfully exploited this vulnerability could take complete control of an affected system.Further information on this exploit is available at : MS07-065

Affected Software

Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Server Service Pack 4
Microsoft Windows XP Service Pack 2