Description: Kostya Kortchinsky has reported a vulnerability in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error in the Message Queuing component. This can e.g. be exploited by sending a specially crafted message via RPC.
NOTE: The Message Queuing is not activated by default.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, using the Network Software Inspector.
The following versions of Microsoft Windows are not affected:
* Microsoft Windows XP Service Pack 2
* Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Provided and/or discovered by: Kostya Kortchinsky
Changelog: 2005-07-05: Added link to US-CERT vulnerability note.
2005-11-21: Added patch information for Windows XP Embedded.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
