9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.974 High
EPSS
Percentile
99.9%
Added: 12/12/2007
CVE: CVE-2007-3039
BID: 26797
OSVDB: 39123
Microsoft Message Queuing allows applications which may be running at different times to communicate across a network.
A buffer overflow vulnerability in the Microsoft Message Queuing service allows remote attackers to execute arbitrary commands by specifying a long, specially crafted queue name with a fully-qualified NetBIOS domain name.
Install the update referenced in Microsoft Security Bulletin 07-065.
<http://www.microsoft.com/technet/security/bulletin/ms07-065.mspx>
Exploit works on Windows 2000 and requires the target’s NetBIOS name to be set up with a primary DNS suffix.
Windows 2000