ID CVE-2005-0059
Summary Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2000:-:advanced_server
    cpe:2.3:o:microsoft:windows_2000:-:advanced_server
  • cpe:2.3:o:microsoft:windows_2000:-:datacenter_server
    cpe:2.3:o:microsoft:windows_2000:-:datacenter_server
  • cpe:2.3:o:microsoft:windows_2000:-:professional
    cpe:2.3:o:microsoft:windows_2000:-:professional
  • cpe:2.3:o:microsoft:windows_2000:-:server
    cpe:2.3:o:microsoft:windows_2000:-:server
  • Microsoft Windows 2000 Advanced Server SP1
    cpe:2.3:o:microsoft:windows_2000:-:sp1:advanced_server
  • Microsoft Windows 2000 Datacenter Server SP1
    cpe:2.3:o:microsoft:windows_2000:-:sp1:datacenter_server
  • Microsoft Windows 2000 Professional SP1
    cpe:2.3:o:microsoft:windows_2000:-:sp1:professional
  • Microsoft Windows 2000 Server SP1
    cpe:2.3:o:microsoft:windows_2000:-:sp1:server
  • Microsoft Windows 2000 Advanced Server SP2
    cpe:2.3:o:microsoft:windows_2000:-:sp2:advanced_server
  • Microsoft Windows 2000 Datacenter Server SP2
    cpe:2.3:o:microsoft:windows_2000:-:sp2:datacenter_server
  • Microsoft Windows 2000 Professional SP2
    cpe:2.3:o:microsoft:windows_2000:-:sp2:professional
  • Microsoft Windows 2000 Server SP2
    cpe:2.3:o:microsoft:windows_2000:-:sp2:server
  • Microsoft Windows 2000 Advanced Server SP3
    cpe:2.3:o:microsoft:windows_2000:-:sp3:advanced_server
  • Microsoft Windows 2000 Datacenter Server SP3
    cpe:2.3:o:microsoft:windows_2000:-:sp3:datacenter_server
  • Microsoft Windows 2000 Professional SP3
    cpe:2.3:o:microsoft:windows_2000:-:sp3:professional
  • Microsoft Windows 2000 Server SP3
    cpe:2.3:o:microsoft:windows_2000:-:sp3:server
  • Microsoft Windows 2000 Advanced Server SP4
    cpe:2.3:o:microsoft:windows_2000:-:sp4:advanced_server
  • Microsoft Windows 2000 Datacenter Server SP4
    cpe:2.3:o:microsoft:windows_2000:-:sp4:datacenter_server
  • Microsoft Windows 2000 Professional SP4
    cpe:2.3:o:microsoft:windows_2000:-:sp4:professional
  • Microsoft Windows 2000 Server SP4
    cpe:2.3:o:microsoft:windows_2000:-:sp4:server
  • Microsoft windows 98_gold
    cpe:2.3:o:microsoft:windows_98:-:gold
  • Microsoft windows 98_se
    cpe:2.3:o:microsoft:windows_98se
  • cpe:2.3:o:microsoft:windows_xp:-:64-bit
    cpe:2.3:o:microsoft:windows_xp:-:64-bit
  • cpe:2.3:o:microsoft:windows_xp:-:embedded
    cpe:2.3:o:microsoft:windows_xp:-:embedded
  • cpe:2.3:o:microsoft:windows_xp:-:home
    cpe:2.3:o:microsoft:windows_xp:-:home
  • cpe:2.3:o:microsoft:windows_xp:-:media_center
    cpe:2.3:o:microsoft:windows_xp:-:media_center
  • Microsoft Windows XP Professional Gold
    cpe:2.3:o:microsoft:windows_xp:-:gold:professional
  • cpe:2.3:o:microsoft:windows_xp:-:sp1:64-bit
    cpe:2.3:o:microsoft:windows_xp:-:sp1:64-bit
  • Microsoft windows xp_sp1 embedded
    cpe:2.3:o:microsoft:windows_xp:-:sp1:embedded
  • Microsoft Windows XP Service Pack 1 Home Edition
    cpe:2.3:o:microsoft:windows_xp:-:sp1:home
  • Microsoft windows xp_sp1 media_center
    cpe:2.3:o:microsoft:windows_xp:-:sp1:media_center
  • Microsoft windows xp_sp2 tablet_pc
    cpe:2.3:o:microsoft:windows_xp:-:sp2:tablet_pc
CVSS
Base: 10.0 (as of 13-05-2005 - 16:18)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality COMPLETE
  • Integrity COMPLETE
  • Availability COMPLETE
exploit-db via4
  • description MS Windows Message Queuing BoF Universal Exploit (MS05-017) (v.0.3). CVE-2005-0059. Remote exploit for windows platform
    id EDB-ID:1075
    last seen 2016-01-31
    modified 2005-06-29
    published 2005-06-29
    reporter houseofdabus
    source https://www.exploit-db.com/download/1075/
    title Microsoft Windows Message Queuing BoF Universal Exploit MS05-017 v.0.3
  • description Microsoft Message Queueing Service Path Overflow. CVE-2005-0059. Remote exploit for windows platform
    id EDB-ID:16747
    last seen 2016-02-02
    modified 2010-05-09
    published 2010-05-09
    reporter metasploit
    source https://www.exploit-db.com/download/16747/
    title Microsoft Message Queueing Service Path Overflow
metasploit via4
description This module exploits a stack buffer overflow in the RPC interface to the Microsoft Message Queueing service. The offset to the return address changes based on the length of the system hostname, so this must be provided via the 'HNAME' option. Much thanks to snort.org and Jean-Baptiste Marchand's excellent MSRPC website.
id MSF:EXPLOIT/WINDOWS/DCERPC/MS05_017_MSMQ
last seen 2019-03-24
modified 2017-07-24
published 2006-05-30
reliability Good
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/dcerpc/ms05_017_msmq.rb
title MS05-017 Microsoft Message Queueing Service Path Overflow
nessus via4
  • NASL family Windows
    NASL id MSMQS_OVERFLOW.NASL
    description The remote version of Windows is affected by a vulnerability in Microsoft Message Queuing Service (MSMQ). An attacker may exploit this flaw to execute arbitrary code on the remote host with SYSTEM privileges.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 18027
    published 2005-04-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18027
    title MS05-017: Vulnerability in MSMQ Could Allow Code Execution (892944) (uncredentialed check)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS05-017.NASL
    description The remote version of Windows is affected by a vulnerability in Microsoft Message Queuing Service (MSMQ). An attacker could exploit this flaw to execute arbitrary code on the remote host with the SYSTEM privileges.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 18021
    published 2005-04-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18021
    title MS05-017: Vulnerability in MSMQ Could Allow Code Execution (892944)
oval via4
  • accepted 2011-05-16T04:02:58.120-04:00
    class vulnerability
    contributors
    • name Ingrid Skoog
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.
    family windows
    id oval:org.mitre.oval:def:4384
    status accepted
    submitted 2005-05-02T12:00:00.000-04:00
    title Windows XP Message Queuing Buffer Overflow
    version 68
  • accepted 2011-05-16T04:03:08.282-04:00
    class vulnerability
    contributors
    • name Ingrid Skoog
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.
    family windows
    id oval:org.mitre.oval:def:4988
    status accepted
    submitted 2005-05-02T12:00:00.000-04:00
    title Windows 2000 Message Queuing Buffer Overflow
    version 68
packetstorm via4
data source https://packetstormsecurity.com/files/download/82964/ms05_017_msmq.rb.txt
id PACKETSTORM:82964
last seen 2016-12-05
published 2009-11-26
reporter H D Moore
source https://packetstormsecurity.com/files/82964/Microsoft-Message-Queueing-Service-Path-Overflow.html
title Microsoft Message Queueing Service Path Overflow
refmap via4
ms MS05-017
saint via4
bid 13112
description Microsoft Message Queuing buffer overflow
id win_patch_msmq
osvdb 15458
title windows_message_queuing
type remote
Last major update 10-09-2008 - 15:34
Published 02-05-2005 - 00:00
Last modified 12-10-2018 - 17:36