MSRPC Messenger exploit v1.21 Vulnerability exploited: CAN-2003-0717 - BID-8826 Category: Exploits/Remote This module exploits a buffer overflow and installs a level0 agent into the target host. There is a buffer overflow vulnerability in the Microsoft Windows Messenger service. This allows an attacker to execute arbitrary code with System privileges. The vulnerability is triggered by sending a malformed message to the vulnerable host. Manipulating the length of the packet allows portions of the heap memory to be overwritten with user defined data. Supported Systems: Windows 2000 Professional - sp0 (i386) Windows 2000 Professional - sp1 (i386) Windows 2000 Professional - sp2 (i386) Windows 2000 Professional - sp3 (i386) Windows 2000 Server - sp0 (i386) Windows 2000 Server - sp1 (i386) Windows 2000 Server - sp2 (i386) Windows 2000 Server - sp3 (i386) Windows 2000 Advanced Server - sp0 (i386) Windows 2000 Advanced Server - sp1 (i386) Windows 2000 Advanced Server - sp2 (i386) Windows 2000 Advanced Server - sp3 (i386) This module is included in the latest version of CORE IMPACT, the first automated comprehensive penetration testing product for accurately identifying information security risks. Click here to learn more about the product.