CVE-2007-3039
Microsoft Windows Message Queuing Service Stack Overflow Vulnerability
Public Exploits: 4
Exploited in Wild: -
Descriptions
Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows with the Message Queuing Service enabled. Authentication is not required to exploit this vulnerability.
The specific flaw exists in the RPC interface defined on port 2103 with UUID fdb3a030-065f-11d1-bb9b-00a024ea5525. During the processing of opnum 0x06, the service copies user-supplied information into a fixed-length stack buffer. Sending at least 300 bytes will trigger a stack-based buffer overflow due to a vulnerable wcscat() call. Exploitation of this issue can result in arbitrary code execution.
Timeline
- 2007-06-05 CVE Reserved
- 2007-12-11 CVE Published
- 2010-07-25 First Exploit
- 2024-08-07 CVE Updated
- 2024-10-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
References (15)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/archive/1/484891/100/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/26797 | Vdb Entry | |
http://www.securitytracker.com/id?1019077 | Vdb Entry | |
http://www.us-cert.gov/cas/techalerts/TA07-345A.html | Third Party Advisory | |
http://www.vupen.com/english/advisories/2007/4181 | Vdb Entry | |
http://www.zerodayinitiative.com/advisories/ZDI-07-076.html | X_refsource_misc | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4474 | Signature |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/16750 | 2010-07-25 | |
https://www.exploit-db.com/exploits/4745 | 2024-08-07 | |
https://www.exploit-db.com/exploits/4934 | 2024-08-07 | |
https://www.exploit-db.com/exploits/4760 | 2024-08-07 |
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/28011 | 2018-10-16 | |
http://secunia.com/advisories/28051 | 2018-10-16 | |
http://www.securityfocus.com/archive/1/485268/100/0/threaded | 2018-10-16 | |
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-065 | 2018-10-16 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Microsoft | Message Queuing | * | - | Affected | in | Microsoft | Windows 2000 | * | sp4, pro | Safe |
Microsoft | Message Queuing | * | - | Affected | in | Microsoft | Windows 2000 | * | sp4, srv | Safe |
Microsoft | Message Queuing | * | - | Affected | in | Microsoft | Windows XP | * | sp2 | Safe |