Microsoft Windows Message Queuing service (MSMQ) Null Pointer Vulnerability( 12 August 2009 )
RISK: Medium Risk
An elevation of privilege vulnerability exists in the Windows Message Queuing service (MSMQ) due to a specific flaw in the parsing of an IOCTL request to the Message Queuing service. The MSMQ service improperly checks input data before passing them to the buffer. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Impact
- Elevation of Privilege
System / Technologies affected
- Microsoft Windows 2000
- Windows XP
- Windows Server 2003
- Windows Vista
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
Download locations for this patch
- Microsoft Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista
- Windows Vista x64 Edition
Vulnerability Identifier
Source
Related Link
Share with