Microsoft Windows Message Queuing Service Remote Code Execution Vulnerability( 15 October 2008 )

Last Update Date: 28 Jan 2011 Release Date: 15 Oct 2008 4531 Views

RISK: Medium Risk

Medium Risk

A remote code execution vulnerability exists in the Message Queuing Service due to a specific flaw in the parsing of an RPC request to the Message Queuing service.

An attacker could exploit the vulnerability by sending a specially crafted RPC request. A heap request can be controlled and later overflowed during an unchecked string copy operation. Successful exploitation of this issue could lead to full access to the affected system under the SYSTEM context. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Impact

  • Remote Code Execution

System / Technologies affected

  • Microsoft Windows 2000 Service Pack 4

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Download locations for this patch

Vulnerability Identifier

Source

Related Link

Share with

Previous

Microsoft Windows SMB Buffer Underflow Vulnerability( 15 October 2008 )

15 Oct 2008 4616 Views

Next

Oracle and BEA Products Multiple Code Execution Vulnerabilities

15 Oct 2008 4878 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY