Skip to main content

Microsoft Windows Message Queuing Service Remote Code Execution Vulnerability( 15 October 2008 )

Last Update Date: 28 Jan 2011 Release Date: 15 Oct 2008 5090 Views

RISK: Medium Risk

A remote code execution vulnerability exists in the Message Queuing Service due to a specific flaw in the parsing of an RPC request to the Message Queuing service.

An attacker could exploit the vulnerability by sending a specially crafted RPC request. A heap request can be controlled and later overflowed during an unchecked string copy operation. Successful exploitation of this issue could lead to full access to the affected system under the SYSTEM context. An attacker who successfully exploited this vulnerability could take complete control of an affected system.


Impact

  • Remote Code Execution

System / Technologies affected

  • Microsoft Windows 2000 Service Pack 4

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Download locations for this patch


Vulnerability Identifier


Source


Related Link