=====================================================================
                                    CERT-Renater

                         Information Note No. 2007/VULN502
_____________________________________________________________________

DATE                      : 12/12/2007

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows 2000, Windows XP.

======================================================================
Vulnerability in Message Queuing Could Allow Remote Code Execution
______________________________________________________________________

Microsoft Security Bulletin MS07-065 - Important
Vulnerability in Message Queuing Could Allow Remote Code Execution (937894)

This important security update resolves a privately reported
vulnerability in Message Queuing Service (MSMQ) that could allow remote
code execution in implementations on Microsoft Windows 2000 Server, or
elevation of privilege in implementations on Microsoft Windows 2000
Professional and Windows XP.
An attacker must have valid logon credentials to exploit this
vulnerability. An attacker could then install programs; view, change,
or delete data; or create new accounts.

This is an important security update for supported editions of Microsoft
Windows 2000 Server and a moderate security update for supported
editions of Windows XP and Windows 2000 Professional.

This security update addresses this vulnerability by validating the
input string before copying it to the buffer.


Affected Software
     Microsoft Windows 2000 Server Service Pack 4
     Microsoft Windows 2000 Professional Service Pack 4
     Windows XP Service Pack 2


Vulnerability Details
	
Message Queuing Service Remote Code Execution Vulnerability
CVE-2007-3039

A remote code execution vulnerability exists in the Message Queuing
Service when it incorrectly validates input strings before passing the
strings to a buffer. An attacker could exploit the vulnerability by
constructing a specially crafted MSMQ message that could allow remote
code execution in a remote attack scenario on Microsoft Windows 2000
Server and a local elevation of privilege in a local scenario on
Microsoft Windows 2000 Professional and Windows XP. An attacker who
successfully exploited this vulnerability could take complete control of
an affected system.

======================================================================

           =========================================================
           CERT-Renater reference servers
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================




