Microsoft Message Queuing queue name buffer overflow

Added: 12/12/2007
CVE: CVE-2007-3039
BID: 26797
OSVDB: 39123

Background

Microsoft Message Queuing allows applications which may be running at different times to communicate across a network.

Problem

A buffer overflow vulnerability in the Microsoft Message Queuing service allows remote attackers to execute arbitrary commands by specifying a long, specially crafted queue name with a fully-qualified NetBIOS domain name.

Resolution

Install the update referenced in Microsoft Security Bulletin 07-065.

References

http://www.microsoft.com/technet/security/bulletin/ms07-065.mspx

Limitations

Exploit works on Windows 2000 and requires the target's NetBIOS name to be set up with a primary DNS suffix.

Platforms

Windows 2000

Back to exploit index