Vulnerability CVE-2007-3039 - CERT Civis.Net

Vulnerability Name:

CVE-2007-3039 (CCN-35764)

Assigned:

2007-12-11

Published:

2007-12-11

Updated:

2018-10-16

Summary:

Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103.
Note: this is remotely exploitable on Windows 2000 Server.

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
7.5 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2007-3039

Source: CCN
Type: SA28011
Microsoft Windows Message Queuing Privilege Escalation

Source: SECUNIA
Type: Vendor Advisory
28011

Source: CCN
Type: SA28051
Microsoft Windows Message Queuing Buffer Overflow

Source: SECUNIA
Type: Vendor Advisory
28051

Source: CCN
Type: SECTRACK ID: 1019077
Microsoft Message Queuing (MSMQ) Buffer Overflow Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: ASA-2007-515
MS07-065 Vulnerability in Message Queuing Could Allow Remote Code Execution (937894)

Source: CCN
Type: Microsoft Security Bulletin MS07-065
Vulnerability in Message Queuing Service Could Allow Remote Code Execution (937894)

Source: BUGTRAQ
Type: UNKNOWN
20071211 ZDI-07-076: Microsoft Windows Message Queuing Service Stack Overflow Vulnerability

Source: HP
Type: UNKNOWN
SSRT071506

Source: BID
Type: UNKNOWN
26797

Source: CCN
Type: BID-26797
Microsoft Message Queuing Service Stack Buffer Overflow Vulnerability

Source: SECTRACK
Type: UNKNOWN
1019077

Source: CERT
Type: US Government Resource
TA07-345A

Source: VUPEN
Type: UNKNOWN
ADV-2007-4181

Source: MISC
Type: UNKNOWN
http://www.zerodayinitiative.com/advisories/ZDI-07-076.html

Source: MS
Type: UNKNOWN
MS07-065

Source: XF
Type: UNKNOWN
win-msmq-bo(35764)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:4474

Source: EXPLOIT-DB
Type: UNKNOWN
4745

Source: EXPLOIT-DB
Type: UNKNOWN
4760

Source: EXPLOIT-DB
Type: UNKNOWN
4934

Source: CCN
Type: Rapid7 Vulnerability and Exploit Database [12-11-2007]
MS07-065 Microsoft Message Queueing Service DNS Name Path Overflow

Source: CCN
Type: ZDI-07-076
Microsoft Windows Message Queuing Service Stack Overflow Vulnerability

Vulnerable Configuration:

Configuration 1:

cpe:/o:microsoft:windows_2000:*:sp4:pro:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp4:srv:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*

AND

cpe:/a:microsoft:message_queuing:*:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:microsoft:windows_2000::sp4:server:*:*:*:*:*

OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*

AND

cpe:/o:microsoft:windows_2000::sp4:professional:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:4474	V	Vulnerability in Message Queuing Could Allow Remote Code Execution	2014-03-17