MSMQ security bulletin MS07-065
A buffer overrun has been identified in MSMQ 2.0 (Windows 2000) and MSMQ 3.0 (Windows XP) which allows code to be executed as Local System.
To exploit this vulnerability locally on Microsoft 2000 Professional and Windows XP, an attacker would first have to log on to the system.
To exploit this vulnerability remotely on Microsoft Windows 2000 Server, an attacker would have to send specially crafted packets to the MSMQ service that could exploit the vulnerability and gain complete control of the affected system.
The update removes the vulnerability by modifying the way that the MSMQ service validates input strings before passing the strings to the allocated buffer.
The KnowledgeBase article is:
For reference, the build supplied with the update is:
- Windows 2000 - 126.96.36.1995 (17-Oct-2007)
- Windows XP - 188.8.131.529 (06-Jul-2007)