CERT-In Vulnerability Note CIVN-2006-88
Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

Original Issue Date: September 13, 2006

Severity Rating: Medium

Systems Affected

Microsoft Windows XP SP1 and SP2

Overview

A remote code execution vulnerability has been reported in Microsoft Windows XP that could be exploited by an attacker to take complete control of the vulnerable system.

Description

PGM is a reliable and scalable multicast protocol used by applications that require duplicate-free multicast data delivery from multiple sources to multiple receivers. Microsoft Message Queuing (MSMQ) service uses this protocol. MSMQ enables applications running at different times to communicate across heterogeneous networks and systems that may be temporarily offline. It is to be noted that MSMQ service is not installed by default.

The vulnerability is caused due to Invalid memory access in the Pragmatic General Multicast (PGM) protocol implementation.

The attacker could exploit this vulnerability by creating and sending a specially crafted message that could communicate with a vulnerable system through MSMQ . The messages could then be used to execute malicious code on the vulnerable system to take complete control of the system remotely.

Solution

Apply appropriate patches as mentioned in Microsoft Security Bulletin MS06-052

References

Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS06-052.mspx

FrSIRT
http://www.frsirt.com/english/advisories/2006/3563

Secunia
http://secunia.com/advisories/21851

CVE Name
CVE-2006-3442

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003