Skip to main content

Microsoft Windows Message Queuing service (MSMQ) Null Pointer Vulnerability( 12 August 2009 )

Last Update Date: 28 Jan 2011 Release Date: 12 Aug 2009 5078 Views

RISK: Medium Risk

An elevation of privilege vulnerability exists in the Windows Message Queuing service (MSMQ) due to a specific flaw in the parsing of an IOCTL request to the Message Queuing service. The MSMQ service improperly checks input data before passing them to the buffer. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.