Microsoft Windows Plug and Play Remote Vulnerability (MS05-039)
Title : Microsoft Windows Plug and Play Remote Vulnerability (MS05-039)
VUPEN ID : VUPEN/ADV-2005-1354
CVE ID : CVE-2005-1983
CWE ID : CWE-
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-08-09
Technical Description
A vulnerability was identified in Microsoft Windows, which could be exploited by remote attackers to execute arbitrary commands or by local users to obtain elevated privileges. The flaw is a buffer overflow in the Plug and Play service, which does not properly handle specially crafted requests; remote attackers could exploit it to compromise a vulnerable system.
Note : On Windows 2000, an anonymous attacker could remotely exploit this vulnerability. On Windows XP Service Pack 1, only an authenticated user could remotely exploit this vulnerability. On Windows XP Service Pack 2 and Windows Server 2003, only an administrator can remotely access the affected component. Therefore, on Windows XP Service Pack 2 and Windows Server 2003, this is strictly a local privilege elevation vulnerability.
Update - The Zotob.A worm has been discovered in the wild exploiting this vulnerability (see References).
Update - Microsoft has issued "Security Advisory 906574" to clarify information for non-default configurations of Windows XP Service Pack 1.