Microsoft Windows Knowledge Base Article 951071 update is not installed
| win-ms08kb951071-update (45538) |  High Risk |
Description:
Microsoft Knowledge Base Article 951071 is not installed, which could allow a remote attacker to exploit the following vulnerability:
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by improper parsing of RPC requests by the Microsoft Message Queuing (MSMQ) service. By sending a specially-crafted RPC request to a system with the (MSMQ) service installed, a remote attacker could exploit this vulnerability to execute arbitrary code with SYSTEM privileges.
Consequences:
Informational
Remedy:
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS08-065. See References.
References:
- IBM Internet Security Systems X-Force Database: Microsoft Message Queuing RPC code execution.
- Microsoft Security Bulletin MS08-065: Vulnerability in Message Queuing Could Allow Remote Code Execution (951071).
- CVE-2008-3479: Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka Message Queuing Service Remote Code Execution Vulnerability.
Platforms Affected:
- Microsoft Windows 2000 SP4
Reported:
Not available
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net