Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1983

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2005-1983
Last Modified 07 Mar 2011 09:23:11
Published 10 Aug 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-1983

Summary

Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows Xp


References

CERT - TA05-221A

CERT-VN - VU#998653

MS - MS05-039

VUPEN - ADV-2005-1354

XF - win-plugandplay-bo(21602)

ISS - 20050809 Windows Plug and Play Remote Compromise

BID - 14513

MISC - http://www.securiteam.com/windowsntfocus/5YP0E00GKW.html

OSVDB - 18605

MISC - http://www.hsc.fr/ressources/presentations/null_sessions/

MISC - http://www.frsirt.com/english/alerts/20050814.ZotobA.php

CIAC - P-266

SECTRACK - 1014640

SECUNIA - 16372

FULLDISC - 20050811 Windows 2000 universal exploit for MS05-039


Last Updated: 27 May 2016 10:40:22