Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.
Published 2007-12-12 00:46:00
Updated 2018-10-16 16:47:06
View at NVD,   CVE.org
Vulnerability category: OverflowExecute code

Products affected by CVE-2007-3039

Exploit prediction scoring system (EPSS) score for CVE-2007-3039

96.76%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2007-3039

  • MS07-065 Microsoft Message Queueing Service DNS Name Path Overflow
    Disclosure Date: 2007-12-11
    First seen: 2020-04-26
    exploit/windows/dcerpc/ms07_065_msmq
    This module exploits a stack buffer overflow in the RPC interface to the Microsoft Message Queueing service. This exploit requires the target system to have been configured with a DNS name and for that name to be supplied in the 'DNAME' option. This name does not nee

CVSS scores for CVE-2007-3039

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
9.0
HIGH AV:N/AC:L/Au:S/C:C/I:C/A:C
8.0
10.0
NIST

CWE ids for CVE-2007-3039

  • The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
    Assigned by: nvd@nist.gov (Primary)
Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!