CVE-2007-3039
CVE-2007-3039
Vexday Risk Score
50Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 69.1%KEV nãoPoC públicaNuclei —Metasploit simPatch referenciado
Lifecycle
11 Dec 2007Metasploit module available
12 Dec 2007Published on NVD
25 Jul 2010Public PoC
Weaponization speed
956 daysto first PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.
Affected products
n/a · n/apublic PoCs found — 4
exploitdbwww.exploit-db.com/exploits/16750unverifiedcve_referencewww.exploit-db.com/exploits/4745unverifiedcve_referencewww.exploit-db.com/exploits/4934unverifiedcve_referencewww.exploit-db.com/exploits/4760unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-065http://secunia.com/advisories/28011http://secunia.com/advisories/28051https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4474https://www.exploit-db.com/exploits/4745https://www.exploit-db.com/exploits/4760https://www.exploit-db.com/exploits/4934http://www.securityfocus.com/archive/1/484891/100/0/threadedhttp://www.securityfocus.com/archive/1/485268/100/0/threadedhttp://www.securityfocus.com/bid/26797http://www.securitytracker.com/id?1019077http://www.us-cert.gov/cas/techalerts/TA07-345A.html