Alias(es)MS.Queue.Manager.HeapOverflow.A |
Release DateSep 11, 2006 |
Severityhigh |
ImpactAttackers can execute arbitrary code on a target system and crash the RPC service. |
DescriptionIt indicates a buffer overflow vulnerability in Microsoft Windows 2000 Message Queue Manager (MQM). MQM is accessible via the Remote Procedure Call (RPC) service. Due to inadequate boundary checking, a remote attacker can send a specially-crafted request to execute arbitrary code on a target system with Local System privileges and/or to crash the RPC service. |
Affected ProductsAny unprotected Windows 2000 is vulnerable to the attack. |
Recommended ActionsApply appropriate patches from Microsoft and/or upgrade the program to the latest non-vulnerable version. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2003-0995 |
Reference/shttp://technet.microsoft.com/en-us/security/bulletin/MS03-039.mspx (MS-ID) |
