exploits , vulnerabilities , articles , Microsoft Message Queuing Service Stack Buffer Overflow Vulnerability

Title	Microsoft Message Queuing Service Stack Buffer Overflow Vulnerability
Published	2007-12-11-12:00AM
Updated	2008-01-18-04:28PM
Class	Boundary Condition Error
CVE	CVE-2007-3039
Remote	Yes
Local	Yes
Credit	Venustech of ADLABS and Tenable Network Security are credited with the discovery of this vulnerability.
Vulnerable	Microsoft Windows XP Tablet PC Edition SP2 Microsoft Windows XP Tablet PC Edition SP1 Microsoft Windows XP Tablet PC Edition Microsoft Windows XP Professional SP2 Microsoft Windows XP Professional SP1 Microsoft Windows XP Professional Microsoft Windows XP Media Center Edition SP2 Microsoft Windows XP Media Center Edition SP1 Microsoft Windows XP Media Center Edition Microsoft Windows XP Home SP2 Microsoft Windows XP Home SP1 Microsoft Windows XP Home Microsoft Windows XP 0 Microsoft Windows 2000 Server SP4 Microsoft Windows 2000 Server SP3 Microsoft Windows 2000 Server SP2 Microsoft Windows 2000 Server SP1 Microsoft Windows 2000 Server Avaya DefinityOne Media Servers Avaya IP600 Media Servers Avaya S3400 Message Application Server Avaya S8100 Media Servers Microsoft Windows 2000 Professional SP4 Microsoft Windows 2000 Professional SP3 Microsoft Windows 2000 Professional SP2 Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional Microsoft Windows 2000 Datacenter Server SP4 Microsoft Windows 2000 Datacenter Server SP3 Microsoft Windows 2000 Datacenter Server SP2 Microsoft Windows 2000 Datacenter Server SP1 Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000 Advanced Server SP4 Microsoft Windows 2000 Advanced Server SP3 Microsoft Windows 2000 Advanced Server SP2 Microsoft Windows 2000 Advanced Server SP1 Microsoft Windows 2000 Advanced Server HP Storage Management Appliance III HP Storage Management Appliance II HP Storage Management Appliance I HP Storage Management Appliance 2.1 HP Storage Management Appliance III HP Storage Management Appliance II HP Storage Management Appliance I
Not Vulnerable
Code	Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.The following Metasploit Framework module is available to exploit this issue on Windows 2000 systems.An exploit from axis is also available. /data/vulnerabilities/exploits/ms07_065_msmq.rb /data/vulnerabilities/exploits/26797.c /data/vulnerabilities/exploits/MessageQueueexpl.c /data/vulnerabilities/exploits/26797_updated.c
TXT

Vulnerabilities - newest 10 RSS | More

2008-12-02 xrdp Multiple Buffer Overflow Vulnerabilities
2008-12-02 FFmpeg Multiple Denial of Service Vulnerabilities
2008-12-01 SystemImager Flamethrower Insecure Temporary File Creation Vulnerabilities
2008-12-01 Rumpus FTP Server Command Argument Remote Buffer Overflow Vulnerability
2008-12-01 Rumpus FTP Server HTTP Command Remote Denial of Service Vulnerability
2008-11-29 Multiple ActiveWebSoftwares Products Login Parameters SQL Injection Vulnerabilities
2008-11-29 Venalsur Booking Centre Multiple Cross-Site Scripting Vulnerabilities
2008-11-28 ReVou Login SQL Injection Vulnerability
2008-11-28 Web Calendar System SQL Injection and Cross Site Scripting Vulnerabilities
2008-11-28 SailPlanner Login SQL Injection Vulnerability