PT-2008-09: Microsoft Windows MSMQ Privilege Escalation Vulnerability Affected Software Microsoft Windows 2000 Service Pack 4 Windows XP Service Pack 2 Windows Server 2003 Service Pack 2 Windows VistaVendor Link: http://www.microsoft.comSeverity Rating Severity: High Impact: Privilege Escalation Attack Vector: Local CVSS v2: Base Score: 7.2 Vector: (AV:L/AC:M/Au:S/C:C/I:C/A:C) CVE: CVE-2009-1922Vulnerability DescriptionPositive Technologies Research Team has discovered a privilege escalation vulnerability in Windows Message Queuing service (MSMQ). The IOCTL handler in mqac.sys does not properly validate buffer data associated with the Irp object, which allows local users to crash the system or execute arbitrary code with SYSTEM privileges. Solution Vendor has issued patches and advisory: http://www.microsoft.com/technet/security/bulletin/ms09-040.mspxDisclosure Timeline 11/19/2008 - Vendor notified 11/21/2008 - Vendor response 08/11/2009 - Vendor released patches 08/12/2009 - Public disclosure CreditsThis vulnerability was discovered by Nikita Tarakanov, Positive Technologies Research Team. Referenceshttp://en.securitylab.ru/lab/PT-2008-09 http://www.ptsecurity.ru/advisory.aspComplete list of vulnerability reports published by Positive Technologies Research Team: http://en.securitylab.ru/lab/ http://www.ptsecurity.ru/advisory.asp