Microsoft Windows Messenger Service Message Length Remote Overflow

2003-10-15T00:00:00
ID OSVDB:10936
Type osvdb
Reporter The Last Stage of Delirium Research Group()
Modified 2003-10-15T00:00:00

Description

Vulnerability Description

A remote overflow exists in Microsoft Windows. The Messenger Service fails to perform proper bounds checking on the message length resulting in a buffer overflow. With a specially crafted message, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Short Description

A remote overflow exists in Microsoft Windows. The Messenger Service fails to perform proper bounds checking on the message length resulting in a buffer overflow. With a specially crafted message, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor URL: http://www.microsoft.com/ Snort Signature ID: 2257 Snort Signature ID: 2258 Security Tracker: 1007933 OVAL ID: 213 OVAL ID: 268 Nessus Plugin ID:11890 Nessus Plugin ID:11888 Microsoft Security Bulletin: MS03-043 ISS X-Force ID: 13413 Generic Exploit URL: http://www.securiteam.com/exploits/6X00F1P8VW.html CVE-2003-0717 CERT VU: 575892 CERT: CA-2003-27 Bugtraq ID: 8826