Immunity, Inc.
Name ms07_065
CVE CVE-2007-3039
Exploit Pack CANVAS
Description Microsoft Message Queuing Service Overflow
Notes CVE Name: CVE-2007-3039
VENDOR: Microsoft
MSADV: MS07-065
Repeatability: One shot
Note:

Windows XP needs a valid Username and Password.

According to the SWI Weblog:
"
There is actually another mitigating factor present here that we didn't
include in the bulletin because we could not authoritatively say that it was
true in every case. The vulnerable code path only executes if your machine has
a primary DNS suffix. Most of the time, only domain-joined machines have a
primary DNS suffix. So it would have been great to say in the bulletin:
"Machines not joined to a domain are safe" but that is not 100% accurate so we
did not include that. Technically, an administrator could manually set a
primary DNS suffix on a non-domain-joined machine.
"

For information on how to set this up to test this exploit if you don't want
to be on a domain:
http://www.windowsitpro.com/Article/ArticleID/15282/15282.html

You will, of course, first have to go into Windows Add/Remove Programs and add
Message Queuing as a "Windows component".


References: http://www.microsoft.com/technet/security/bulletin/ms07-065.mspx
CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3039
Date public: 12/11/07
CVE: CVE-2007-3039
CVSS: 9.0
