CVE-2007-3039 – Microsoft Windows Message Queuing Service Stack Overflow Vulnerability

https://notcve.org/view.php?id=CVE-2007-3039

Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server. Un desbordamiento de búfer en la región stack de la memoria en el servicio Microsoft Message Queuing Service (MSMQ) en Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4 y Windows XP SP2 permite a los atacantes ejecutar código arbitrario por medio de una cadena larga en una llamada RPC 0x06 opnum al puerto 2103. NOTA: esto es explotable de forma remota en Windows 2000 Server. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows with the Message Queuing Service enabled. • https://www.exploit-db.com/exploits/16750 https://www.exploit-db.com/exploits/4745 https://www.exploit-db.com/exploits/4934 https://www.exploit-db.com/exploits/4760 http://secunia.com/advisories/28011 http://secunia.com/advisories/28051 http://www.securityfocus.com/archive/1/484891/100/0/threaded http://www.securityfocus.com/archive/1/485268/100/0/threaded http://www.securityfocus.com/bid/26797 http://www.securitytracker.com/id?1019077 http://www.us-cert.gov/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •