Microsoft Windows 2000 Message Queuing Service Memory Corruption VulnerabilityTPTI-08-07: October 14th, 2008
Windows 2000 SP4
TippingPoint™ IPS Customer ProtectionTippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 6482. For further product information on the TippingPoint IPS:
Vulnerability DetailsThis vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows 2000 running the Message Queuing service (mqsvc.exe). User interaction is not required to exploit this vulnerability.
The specific flaw exists in the parsing of an RPC request to the Message Queing Service (mqsvc.exe). By sending a specially crafted RPC request a heap calculation can be controlled and later overflowed during an unchecked string copy operation. By sending a similar request, memory can be disclosed to the attacker. Exploitation of the heap overflow may lead to code execution under the context of the SYSTEM user.
Vendor ResponseMicrosoft has issued an update to correct this vulnerability. More details can be found at:
2007-11-14 - Vulnerability reported to vendor
2008-10-14 - Coordinated public release of advisory