18605 : Microsoft Windows Plug-and-Play Service Remote Overflow
Printer | http://osvdb.org/18605 | Email This | Edit Vulnerability

Views This Week	Views All Time	Added to OSVDB	Last Modified	Modified (since 2008)	Percent Complete
6	1794	over 6 years ago	about 1 year ago	11 times	90%

Timeline

Disclosure Date	Exploit Publish Date
2005-08-09	2005-08-11

Keywords

worm

Description

A remote overflow exists in Windows. The Plug and Play Service fails to validate the length of a message resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Local Access Required, Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public, Exploit Commercial
Disclosure: OSVDB Verified

Technical

Microsoft claims that this vulnerability is a local privilege escalation on Windows XP and Windows Server 2003, due to the affected component being remotely available only to administrative users.

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation	Windows	2000 SP4
		XP SP1
		XP SP2
		XP Professional x64 Edition
	Windows Server	2003
		2003 SP1
		2003 for Itanium
		2003 for Itanium SP1
		2003 x64 Edition

References

Security Tracker: 1014640
Milw0rm: 1146 1179
Exploit Database: 1146 1179
Bugtraq ID: 14513
Secunia Advisory ID: 16372
Metasploit ID: 18605
CVE ID: 2005-1983 (see also: NVD)
ISS X-Force ID: 21602
Microsoft Knowledge Base Article: 899588
CERT VU: 998653
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0384.html
Generic Exploit URL: http://immunitysec.com
http://www.saintcorporation.com/cgi-bin/exploit_info/windows_plug_play
Other Advisory URL: http://www.f-secure.com/v-descs/zotob_a.shtml
http://www.niscc.gov.uk/niscc/docs/br-20050815-00684.html?lang=en
http://www.securiteam.com/windowsntfocus/5YP0E00GKW.html
http://xforce.iss.net/xforce/alerts/id/202
Vendor Specific Advisory URL: http://www.microsoft.com/technet/security/advisory/906574.mspx
Microsoft Security Bulletin: MS05-039
CIAC Advisory: p-266
Keyword: worm Zotob

Tools & Filters

19402 19408

Snort

3952 3953 3954 3955 3956 3957 3958 3959 3960 3961 3962 3963 3964 3965 3966 3967 3968 3969 3970 3971 3972 3973 3974 3975 3976 3977 3978 3979 3980 3981 3982 3983 3984 3985 3986 3987 3988 3989 3990 3991 3992 3993 3994 3995 3996 3997 3998 3999 4000 4001 4002 4003 4004 4005 4006 4007 4008 4009 4010 4011 4012 4013 4014 4015 4061 4062 4063 4064 4065 4066 4067 4068 4069 4070 4071 4072 4073 4074 4075 4076 4077 ... and 49 more

Credit

Neel Mehta - -

CVSSv2 Score

CVSSv2 Base Score = 10.0
Source: nvd.nist.gov | Generated: 2005-08-10 | Disagree?

Blogs

This product uses the Daylife API but is not endorsed or certified by Daylife.

This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.