Follow:

Vulnerability:Win/MSRPC.MSMQ.RCE!CAN-2005-0059

Severity rating
Important

Class/Type
Vulnerability

Discovered date
2005-04-12T00:00:00

Attack vector
Remote

Authentication required
No

Public exploits available
Yes

Signature detection
Medium



On this page




Description

A remote code execution vulnerability exists in Message Queuing that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system.



Impact

An attacker who successfully exploited this vulnerability could take complete control of the affected system.



Technical details (analysis)

Microsoft Message Queuing technology enables applications that are running at different times to communicate across heterogeneous networks and across systems that may be temporarily offline. Applications send messages to queues and read messages from queues. Message Queuing provides guaranteed message delivery, efficient routing, security, and priority-based messaging. It can be used to implement solutions for both asynchronous and synchronous messaging scenarios. An unchecked buffer in the Message Queuing component causes the vulnerability to trigger. An attacker could try to exploit the vulnerability by creating a specially crafted message and sending the message to an affected system. The message could then cause the affected system to execute code.



Affected software

Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Microsoft Windows 98 and Microsoft Windows 98 Second Edition (SE)



Non-affected software

Microsoft Windows XP Service Pack 2
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows Server 2003 and Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Millennium Edition (ME)



References




Solutions




NIS signature

Name: Vulnerability:Win/MSRPC.MSMQ.RCE!CAN-2005-0059
Release Date: 2005-04-12T00:00:00



Known false positives

No known false positives at this time



Work-arounds

Block the following at the firewall: UDP ports 135, 137, 138, 445, 1801, and 3527, and TCP ports 135, 139, 445, 593, 1801, 2101, 2103, 2105, and 2107
Remove Message Queuing if you do not need it.