Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2120

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2005-2120
Last Modified 10 Sep 2008 03:41:06
Published 13 Oct 2005 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2005-2120

Summary

Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows Xp


References

CERT - TA05-284A

CERT-VN - VU#214572

BID - 15065

MS - MS05-047

EEYE - AD20051011c

SECTRACK - 1015042

SECUNIA - 17166

OSVDB - 18830

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf

SREASON - 71

SECUNIA - 17223

SECUNIA - 17172


Last Updated: 27 May 2016 10:40:24