CVE-2007-3039 - OpenCVE

Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Message Queuing Windows 2000 Windows Xp

Configuration 1 [-]

AND

OR	cpe:2.3:o:microsoft:windows_2000::sp4:pro:::::
	cpe:2.3:o:microsoft:windows_2000::sp4:srv:::::
	cpe:2.3:o:microsoft:windows_xp::sp2::::::*

cpe:2.3:a:microsoft:message_queuing:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/28011
http://secunia.com/advisories/28051
http://www.securityfocus.com/archive/1/484891/100/0/threaded
http://www.securityfocus.com/archive/1/485268/100/0/threaded
http://www.securityfocus.com/bid/26797
http://www.securitytracker.com/id?1019077
http://www.us-cert.gov/cas/techalerts/TA07-345A.html
http://www.vupen.com/english/advisories/2007/4181
http://www.zerodayinitiative.com/advisories/ZDI-07-076.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-065
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4474
https://www.exploit-db.com/exploits/4745
https://www.exploit-db.com/exploits/4760
https://www.exploit-db.com/exploits/4934

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2007-12-12T00:00:00

Updated: 2024-08-07T13:57:54.992Z

Reserved: 2007-06-05T00:00:00

Link: CVE-2007-3039

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-12-12T00:46:00.000

Modified: 2018-10-16T16:47:05.713

Link: CVE-2007-3039

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-12-11T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "4934", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/4934"}, {"name": "4760", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/4760"}, {"name": "4745", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/4745"}, {"name": "oval:org.mitre.oval:def:4474", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4474"}, {"name": "SSRT071506", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"}, {"name": "1019077", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019077"}, {"name": "28011", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28011"}, {"name": "26797", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26797"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-076.html"}, {"name": "HPSBST02299", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"}, {"name": "TA07-345A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html"}, {"name": "MS07-065", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-065"}, {"name": "ADV-2007-4181", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/4181"}, {"name": "20071211 ZDI-07-076: Microsoft Windows Message Queuing Service Stack Overflow Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/484891/100/0/threaded"}, {"name": "28051", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28051"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2007-3039", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "4934", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/4934"}, {"name": "4760", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/4760"}, {"name": "4745", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/4745"}, {"name": "oval:org.mitre.oval:def:4474", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4474"}, {"name": "SSRT071506", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"}, {"name": "1019077", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019077"}, {"name": "28011", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28011"}, {"name": "26797", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26797"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-07-076.html", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-076.html"}, {"name": "HPSBST02299", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"}, {"name": "TA07-345A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html"}, {"name": "MS07-065", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-065"}, {"name": "ADV-2007-4181", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/4181"}, {"name": "20071211 ZDI-07-076: Microsoft Windows Message Queuing Service Stack Overflow Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/484891/100/0/threaded"}, {"name": "28051", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28051"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:57:54.992Z"}, "title": "CVE Program Container", "references": [{"name": "4934", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/4934"}, {"name": "4760", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/4760"}, {"name": "4745", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/4745"}, {"name": "oval:org.mitre.oval:def:4474", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4474"}, {"name": "SSRT071506", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"}, {"name": "1019077", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1019077"}, {"name": "28011", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28011"}, {"name": "26797", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26797"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-076.html"}, {"name": "HPSBST02299", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"}, {"name": "TA07-345A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html"}, {"name": "MS07-065", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-065"}, {"name": "ADV-2007-4181", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/4181"}, {"name": "20071211 ZDI-07-076: Microsoft Windows Message Queuing Service Stack Overflow Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/484891/100/0/threaded"}, {"name": "28051", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28051"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2007-3039", "datePublished": "2007-12-12T00:00:00", "dateReserved": "2007-06-05T00:00:00", "dateUpdated": "2024-08-07T13:57:54.992Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:pro:*:*:*:*:*", "matchCriteriaId": "C6C99A6D-BE32-4634-9261-81E26983FB84", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:srv:*:*:*:*:*", "matchCriteriaId": "F200FFC6-7D0E-4500-AB65-8785FD1EEC24", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:message_queuing:*:*:*:*:*:*:*:*", "matchCriteriaId": "F31DB341-76D4-44F6-B0DD-107775495110", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el servicio Microsoft Message Queuing Service (MSMQ) en Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4 y Windows XP SP2 permite a los atacantes ejecutar c\u00f3digo arbitrario por medio de una cadena larga en una llamada RPC 0x06 opnum al puerto 2103. NOTA: esto es explotable de forma remota en Windows 2000 Server."}], "id": "CVE-2007-3039", "lastModified": "2018-10-16T16:47:05.713", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-12-12T00:46:00.000", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28011"}, {"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28051"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/484891/100/0/threaded"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/26797"}, {"source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id?1019077"}, {"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html"}, {"source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2007/4181"}, {"source": "secure@microsoft.com", "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-076.html"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-065"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4474"}, {"source": "secure@microsoft.com", "url": "https://www.exploit-db.com/exploits/4745"}, {"source": "secure@microsoft.com", "url": "https://www.exploit-db.com/exploits/4760"}, {"source": "secure@microsoft.com", "url": "https://www.exploit-db.com/exploits/4934"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}