Vulnerability Details CVE-2008-3479
Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka "Message Queuing Service Remote Code Execution Vulnerability."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.659
EPSS Ranking 98.4%
CVSS Severity
CVSS v2 Score 10.0
References
- http://dvlabs.tippingpoint.com/advisory/TPTI-08-07
- http://marc.info/?l=bugtraq&m=122479227205998&w=2
- http://marc.info/?l=bugtraq&m=122479227205998&w=2
- http://secunia.com/advisories/32260
- http://www.securityfocus.com/bid/31637
- http://www.securitytracker.com/id?1021052
- http://www.us-cert.gov/cas/techalerts/TA08-288A.html
- http://www.vupen.com/english/advisories/2008/2816
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-065
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45537
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45538
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5998
- http://dvlabs.tippingpoint.com/advisory/TPTI-08-07
- http://marc.info/?l=bugtraq&m=122479227205998&w=2
- http://marc.info/?l=bugtraq&m=122479227205998&w=2
- http://secunia.com/advisories/32260
- http://www.securityfocus.com/bid/31637
- http://www.securitytracker.com/id?1021052
- http://www.us-cert.gov/cas/techalerts/TA08-288A.html
- http://www.vupen.com/english/advisories/2008/2816
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-065
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45537
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45538
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5998
Products affected by CVE-2008-3479
-
cpe:2.3:o:microsoft:windows_2000:-