Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

TPTI-08-07: Microsoft Windows Message Queuing Service Heap Overflow and Memory Disclosure Vulnerability
From: dvlabs <dvlabs () tippingpoint com>
Date: Tue, 14 Oct 2008 17:51:31 -0500

TPTI-08-07: Microsoft Windows Message Queuing Service Heap Overflow and
Memory Disclosure Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-08-07
October 14, 2008

-- CVE ID:
CVE-2008-3479

-- Affected Vendors:
Microsoft

-- Affected Products:
Microsoft OS

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 6482.
For further product information on the TippingPoint IPS, visit:

    http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Microsoft Windows running the Message
Queuing service (mqsvc.exe).  User interaction is not required to
exploit this vulnerability.

The specific flaw exists in the parsing of an RPC request to the Message
Queing Service (mqsvc.exe).  By sending a specially crafted RPC request
a heap calculation can be controlled and later overflowed during an
unchecked string copy operation.  By sending a similar request memory
can be disclosed to the attacker.  Exploitation of the heap overflow
leads to full access of the affected system under the SYSTEM context.

-- Vendor Response:
Microsoft has issued an update to correct this vulnerability. More
details can be found at:

http://www.microsoft.com/technet/security/bulletin/MS08-065.mspx

-- Disclosure Timeline:
2007-11-14 - Vulnerability reported to vendor
2008-10-14 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
    * Cody Pierce, TippingPoint DVLabs

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • TPTI-08-07: Microsoft Windows Message Queuing Service Heap Overflow and Memory Disclosure Vulnerability dvlabs (Oct 14)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault