Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3644

Overview

Vulnerability Score 7.8 7.8
CVE Id CVE-2005-3644
Last Modified 18 Oct 2010 12:00:00
Published 17 Nov 2005 06:02:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3644

Summary

PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows Xp


References

BID - 15460

MISC - http://www.securiteam.com/exploits/6V00C15EKM.html

MILW0RM - 1328

MSKB - 911052

MISC - http://www.frsirt.com/exploits/20051117.Win_upnp_getdevicelist.c.php

MISC - http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2005/20051116

SECTRACK - 1015233

SECUNIA - 17595

MISC - http://research.eeye.com/html/alerts/zeroday/20051116.html


Last Updated: 27 May 2016 10:41:00