CVE-2008-3479

Properties

Published:
13.10.2008
Updated:
06.09.2013
Patch available:
Severity:
High
CVSS vector:
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Product:
microsoft: windows_2000

Vulnerability description

Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka "Message Queuing Service Remote Code Execution Vulnerability."

References:

CERT: http://www.us-cert.gov/cas/techalerts/TA08-288A.html
BID: http://www.securityfocus.com/bid/31637
MS: http://www.microsoft.com/technet/security/Bulletin/MS08-065.mspx
SECUNIA: http://secunia.com/advisories/32260
MISC: http://dvlabs.tippingpoint.com/advisory/TPTI-08-07
XF: http://xforce.iss.net/xforce/xfdb/45538
XF: http://xforce.iss.net/xforce/xfdb/45537
VUPEN: http://www.vupen.com/english/advisories/2008/2816
SECTRACK: http://www.securitytracker.com/id?1021052
OVAL: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5998
HP: http://marc.info/?l=bugtraq&m=122479227205998&w=2
HP: http://marc.info/?l=bugtraq&m=122479227205998&w=2