CVE-2009-1922

The Message Queuing aka MSMQ service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MS...

Microsoft Windows消息队列服务本地权限提升漏洞（MS09-040）

BUGTRAQ ID: 35969 CVECAN ID: CVE-2009-1922 Microsoft Windows是微软发布的非常流行的操作系统。 由于对消息队列服务所发布的IOCTL请求解析中存在缺陷，导致Windows消息队列服务（MSMQ）中存在一个权限提升漏洞。MSMQ服务在将输入数据传递到缓冲区之前没有正确地检查这些字符串。成功利用此漏洞的攻击者可执行任意代码，并可完全控制受影响的系统。攻击者可随后安装程序；查看、更改或删除数据；或者创建拥有完全用户权限的新帐户。 Microsoft Windows XP SP2 Microsoft Windows Vista...

Microsoft Message Queuing Service NULL Pointer Dereference Local Privilege Escalation Vulnerability

Description The Microsoft Message Queuing service is prone to a local privilege-escalation vulnerability because it fails to adequately handle user-supplied input. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will...

Microsoft Security Bulletin MS09-040 - Important Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032)

Microsoft Security Bulletin MS09-040 - Important Vulnerability in Message Queuing Could Allow Elevation of Privilege 971032 Published: August 11, 2009 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability in the Windows Message Queuing...

MS09-040: Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032)

The remote version of Windows is affected by a vulnerability in the Microsoft Message Queuing Service MSMQ. An attacker with valid login credentials may exploit this flaw to execute arbitrary code on the remote host with the SYSTEM privileges and therefore elevate his privileges. C Tenable Networ...

CVE-2008-3479

Heap-based buffer overflow in the Microsoft Message Queuing MSMQ service mqsvc.exe in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka "Message Queuing...

Heap overflow

Heap-based buffer overflow in the Microsoft Message Queuing MSMQ service mqsvc.exe in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka "Message Queuing...

Microsoft Windows 2000 Message Queuing code execution

Code execution via RPC-based service...

MS08-065: Microsoft Windows Message Queuing Service RPC Request Handling Remote Code Execution (951071) (uncredentialed check)

The remote version of Windows is affected by a vulnerability in its Microsoft Message Queuing Service MSMQ. An attacker may exploit this flaw to execute arbitrary code on the remote host with SYSTEM privileges. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid34413;...

MS08-065: Microsoft Windows Message Queuing Service RPC Request Handling Remote Code Execution (951071)

The remote version of Windows is affected by a vulnerability in Microsoft Message Queuing Service MSMQ. An attacker may exploit this flaw to execute arbitrary code on the remote host with the SYSTEM privileges. Tenable Network Security, Inc. include"compat.inc"; if description scriptid34410;...

Microsoft Windows Message Queuing Service Queue Name Handling (MS08-065) - ver 2 (CVE-2008-3479)

Microsoft Message Queuing MSMQ is a component of Microsoft Windows designed to act as a message portal between a set of applications requiring message exchange functionality. MSMQ enables applications that are running at different times to communicate across heterogeneous networks and across...

Microsoft Message Queuing Service RPC Query Heap Corruption Vulnerability

Description The Microsoft Message Queuing service MSMQ is prone to a remote heap-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges, facilitating the complete compromise of an affected computer. Failed exploit attempts will result i...

Microsoft Windows PGM Invalid Length Remote Denial Of Service Vulnerability

Description Microsoft Windows is prone to a remote denial-of-service vulnerability because it fails to adequately handle specially crafted PGM Pragmatic General Multicast network traffic. Attackers can exploit this issue to cause an affected computer to stop responding until it is manually...

mswinqueue-overflow.txt

/ Windows Message Queuing Service Remote RPC BOF Exploit MS07-065 Mod of axis's code. CHANGELOG - added dnsname as a parameter, before it was hardcoded in the request data. Marcin Kozlowski Provided for legal security research and testing purposes ONLY Go through the code : / include include...

MS Windows Message Queuing Service RPC BOF Exploit (dnsname)

Exploit for unknown platform in category remote exploits ============================================================ MS Windows Message Queuing Service RPC BOF Exploit dnsname ============================================================ / Windows Message Queuing Service Remote RPC BOF Exploit...

MS Windows Message Queuing Service RPC BOF Exploit (dnsname)

No description provided by source. / Windows Message Queuing Service Remote RPC BOF Exploit MS07-065 Mod of axis's code. CHANGELOG - added dnsname as a parameter, before it was hardcoded in the request data. Marcin Kozlowski Provided for legal security research and testing purposes ONLY Go throug...

Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065) (2)

Microsoft Windows Message Queuing Service - RPC Buffer Overflow MS07-065 2 / Windows Message Queuing Service Remote RPC BOF Exploit MS07-065 Mod of axis's code. CHANGELOG - added dnsname as a parameter, before it was hardcoded in the request data. Marcin Kozlowski Provided for legal security...

Microsoft Windows Message Queuing buffer overflow

Buffer overflow in RPC interface TCP/2103...

[EXPL] Microsoft Windows Message Queuing Service Stack Overflow Vulnerability (MS07-065, Exploit)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

Update Protection against Microsoft Windows Message Queuing Remote Code Execution Vulnerability (MS07-065)

A buffer overflow vulnerability exists in Microsoft Windows Message Queuing Service. Microsoft Message Queuing MSMQ is a component of Microsoft Windows designed to act as a message portal between a set of applications requiring message exchange functionality. MSMQ enables applications that are...