CVE-2007-3039

critical

Description

Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.

References

https://www.exploit-db.com/exploits/4934

https://www.exploit-db.com/exploits/4760

https://www.exploit-db.com/exploits/4745

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4474

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-065

http://www.zerodayinitiative.com/advisories/ZDI-07-076.html

http://www.vupen.com/english/advisories/2007/4181

http://www.us-cert.gov/cas/techalerts/TA07-345A.html

http://www.securitytracker.com/id?1019077

http://www.securityfocus.com/bid/26797

http://www.securityfocus.com/archive/1/485268/100/0/threaded

http://www.securityfocus.com/archive/1/484891/100/0/threaded

http://secunia.com/advisories/28051

http://secunia.com/advisories/28011

Details

Source: Mitre, NVD

Published: 2007-12-12

Updated: 2018-10-16

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical