<< Back
CVE Number Vulnerability Product Severity Date
MS08-065 Vulnerability in Message Queuing Could Allow Remote Code Execution (951071) Microsoft Windows Critical 15-10-2008

Technical Information

Brief overview of the risk:
A remote code execution vulnerability exists in the Message Queuing Service due to a specific flaw in the parsing of an RPC request to the Message Queuing service.
Detailed Information on the risk:
An attacker could exploit the vulnerability by sending a specially crafted RPC request. A heap request can be controlled and later overflowed during an unchecked string copy operation. Successful exploitation of this issue could lead to full access to the affected system under the SYSTEM context. An attacker who successfully exploited this vulnerability could take complete control of an affected system. Further information on this exploit is available at : MS08-065

Affected Software

Microsoft Windows 2000 Service Pack 4