18830 : Microsoft Windows UMPNPMGR wsprintfW Remote Overflow
http://osvdb.org/18830

Views This Week: 10
Views All Time: 2704
Added to OSVDB: over 8 years ago
Last Modified: 12 months ago
Modified (since 2008): 8 times
Percent Complete: 100%

Timeline

Disclosure Date
2005-10-12
Time to Patch
69 days

Description

A remote overflow exists in Microsoft Windows NT, 2000 and XP. The Microsoft Windows MSRPC Plug and Play service fails to validate user-supplied data passed to the wsprintfW call in the UMPNPMGR code, resulting in a stack buffer overflow. With a specially crafted request, a remote authenticated attacker can execute arbitrary code with SYSTEM privileges on a remote Windows 2000 or XP SP1 system. On Windows XP SP2, the vulnerability can also be exploited by an unprivileged user to gain full privileges on a system to which that user is logged on interactively. Both cases result in a loss of integrity to the system.

Classification

Location: Local Access Required, Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability for Windows 2000 and XP. Microsoft has not released a patch for the flaw affecting Windows NT 4.0 systems.

Products

Microsoft Corporation
  Windows XP
    SP2
    SP1
  Windows NT
    4.0 SP1
    4.0 SP2
    4.0 SP3
    4.0 SP4
    4.0 SP5
    4.0 SP6a
  Windows 2000
    SP4

References

Tools & Filters

20000 21193

Snort

4253 4254 4255 4256 4257 4258 4259 4260 4261 4262 4263 4264 4265 4266 4267 4268 4269 4270 4271 4272 4273 4274 4275 4276 4277 4278 4279 4280 4281 4282 4283 4284 4285 4286 4287 4288 4289 4290 4291 4292 4293 4294 4295 4296 4297 4298 4299 4300 4301 4302 4303 4304 4305 4306 4307 4308 4309 4310 4311 4312 4313 4314 4315 4316 4317 4318 4319 4320 4321 4322 4323 4324 4325 4326 4327 4328 4329 4330 4331 4332 4333 ... and 48 more

Credit

CVSSv2 Score

CVSSv2 Base Score = 6.5
Source: nvd.nist.gov | Generated: 2005-10-14



The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

© Copyright 2002 - 2014 Open Sourced Vulnerability Database (OSVDB), All Rights Reserved.