>> Microsoft Windows Plug and Play Remote Vulnerability (MS05-039)
Title : Microsoft Windows Plug and Play Remote Vulnerability (MS05-039) VUPEN ID : VUPEN/ADV-2005-1354 CVE ID : CVE-2005-1983 CWE ID : CWE-
Rated as : Critical
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2005-08-09
Technical Description
A vulnerability was identified in Microsoft Windows, which could be exploited by remote attackers to execute arbitrary commands or by local users to obtain elevated privileges. This flaw is due to a buffer overflow error in the Plug and Play service that does not properly handle specially crafted requests, which could be exploited by remote attackers to compromise a vulnerable system.
Note : On Windows 2000, an anonymous attacker could remotely exploit this vulnerability. On Windows XP Service Pack 1, only an authenticated user could remotely exploit this vulnerability. On Window XP Service Pack 2 and Windows Server 2003, only an administrator can remotely access the affected component. Therefore, on Windows XP Service Pack 2 and Windows Server 2003, this is strictly a local privilege elevation vulnerability.
Update - The Zotob.A worm has been discovered in the wild exploiting this vulnerability (see References).
Update - Microsoft has issued "Security Advisory 906574" to clarify information for non-default configurations of Windows XP Service Pack 1.
Credits Vulnerabilities reported by Neel Mehta and Jean-Baptiste Marchand
ChangeLog 2005-08-09 : Initial release
2005-08-11 : Exploits released
2005-08-14 : Zotob.A worm in the wild
2005-08-24 : Security Advisory 906574 Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback If you have additional information or corrections for this security advisory please submit them via our contact form.
