Microsoft Message Queuing Buffer Overflow Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1013691
|
|
SecurityTracker URL: http://securitytracker.com/id?1013691
|
|
CVE Reference: CAN-2005-0059
|
Date: Apr 12 2005
|
Impact: Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Microsoft Security Bulletin
|
Version(s): 2000 SP4 and prior, XP SP1 and prior, 98/Me
|
Description: A vulnerability was reported in Microsoft Message Queuing. A remote user can execute arbitrary code with System level privileges.
The affected Message Queuing component is not installed by default. Only users that have installed this component are affected.
BizTalk, for example, is an application that requires Message Queuing.
A remote user can trigger a buffer overflow in the Message Queuing component to execute arbitrary code.
The vendor credits Kostya Kortchinsky from CERT RENATER with reporting this vulnerability.
|
Impact: A remote user can execute arbitrary code with System level privileges.
|
Solution: The vendor has issued the following fixes:
Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=99A8EE12-4BD6-43F5-A43F-124E0E2C2283
Microsoft Windows XP Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=D72B7198-93A8-4652-B505-8E51FC5EEAC3
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium):
http://www.microsoft.com/downloads/details.aspx?FamilyId=9124BA48-73A8-4C94-AA46-CE9A9D1E1198
|
Vendor URL: www.microsoft.com/technet/security/Bulletin/MS05-017.mspx
|
Cause: Boundary error
|
Underlying OS: Windows (Me), Windows (98), Windows (2000), Windows (XP)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 12 Apr 2005 11:52:44 -0400
Subject: http://www.microsoft.com/technet/security/Bulletin/MS05-017.mspx
|
http://www.microsoft.com/technet/security/Bulletin/MS05-017.mspx
|
|