AlphaOne Technology Support Forums
Welcome, Guest. Please login or register.
December 02, 2008, 08:16:21 AM

Login with username, password and session length
Search:     Advanced search
1733 Posts in 827 Topics by 4756 Members
Latest Member: Uobeley
* Home Help Search Login Register
AlphaOne Technology Support Forums  |  IMPORTANT ANNOUNCEMENTS  |  Security Announcements  |  Windows-based Security Issues  |  Topic: Microsoft Windows Plug and Play Remote Vulnerability 0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Microsoft Windows Plug and Play Remote Vulnerability  (Read 738 times)
TJ
Tech Team
Hero Member
********
Offline Offline

Posts: 136



View Profile
Microsoft Windows Plug and Play Remote Vulnerability
« on: August 13, 2005, 08:41:25 PM »
* Technical Description *

A vulnerability was identified in Microsoft Windows, which could be exploited by remote attackers to execute arbitrary commands or by local users to obtain elevated privileges. This flaw is due to a buffer overflow error in the Plug and Play service that does not properly handle specially crafted requests, which could be exploited by remote attackers to compromise a vulnerable system.

Note : On Windows 2000, an anonymous attacker could remotely exploit this vulnerability. On Windows XP Service Pack 1, only an authenticated user could remotely exploit this vulnerability. On Window XP Service Pack 2 and Windows Server 2003, only an administrator can remotely access the affected component. Therefore, on Windows XP Service Pack 2 and Windows Server 2003, this is strictly a local privilege elevation vulnerability.

 * Exploits *

http://www.frsirt.com/exploits/20050811.MS05-039.c.php
http://www.frsirt.com/exploits/20050811.ms05_039_pnp.pm.php
http://www.frsirt.com/exploits/20050812.HOD-ms05039-pnp-expl.c.php

 * Affected Products *

Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition

 * Solution *

Apply patches :
http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx

 * References *

http://www.frsirt.com/english/advisories/2005/1354
http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx
Logged
Pages: [1] Go Up Print 
AlphaOne Technology Support Forums  |  IMPORTANT ANNOUNCEMENTS  |  Security Announcements  |  Windows-based Security Issues  |  Topic: Microsoft Windows Plug and Play Remote Vulnerability « previous next »
Jump to:  

Powered by MySQL Powered by PHP AlphaOne Technology Support Forums | Powered by SMF 1.0.7.
© 2001-2005, Lewis Media. All Rights Reserved. 		Valid XHTML 1.0! Valid CSS!