TPTI-08-07: Microsoft Windows Message Queuing Service Heap Overflow and
Memory Disclosure Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-08-07
October 14, 2008

-- CVE ID:
CVE-2008-3479

-- Affected Vendors:
Microsoft

-- Affected Products:
Microsoft OS

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 6482.
For further product information on the TippingPoint IPS, visit:

    http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Microsoft Windows running the Message
Queuing service (mqsvc.exe).  User interaction is not required to
exploit this vulnerability.

The specific flaw exists in the parsing of an RPC request to the Message
Queing Service (mqsvc.exe).  By sending a specially crafted RPC request
a heap calculation can be controlled and later overflowed during an
unchecked string copy operation.  By sending a similar request memory
can be disclosed to the attacker.  Exploitation of the heap overflow
leads to full access of the affected system under the SYSTEM context.

-- Vendor Response:
Microsoft has issued an update to correct this vulnerability. More
details can be found at:

http://www.microsoft.com/technet/security/bulletin/MS08-065.mspx

-- Disclosure Timeline:
2007-11-14 - Vulnerability reported to vendor
2008-10-14 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
    * Cody Pierce, TippingPoint DVLabs

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/