Alias(es)SMB.DCERPC.PnP.Buffer.Overflow.139.B, SMB.DCERPC.PnP.Buffer.Overflow.445.A, SMB.DCERPC.PnP.Buffer.Overflow.445.C, SMB.DCERPC.PnP.Buffer.Overflow.445.D, SMB.DCERPC.PnP.Buffer.Overflow.139.A, SMB.DCERPC.PnP.Buffer.Overflow.139.C, SMB.DCERPC.PnP.Buffer.Overflow.139.D, SMB.DCERPC.PnP.Buffer.Overflow.445.B |
Release DateAug 16, 2005 |
Severitycritical |
ImpactSystem compromise: Remote code execution. |
DescriptionThis indicates a possible attempt to exploit a stack-based Plug and Play buffer-overflow vulnerability in Microsoft Windows.The vulnerability is due to the Plug and Play (PnP) service's failure to properly bounds check messages containing excessive data. A successful exploit of this vulnerability could lead to arbitrary code execution, resulting in an attacker gaining SYSTEM privileges. This exploit is used by the Zotob (aka Mytob) worm. |
Affected ProductsMicrosoft Windows XP Professional SP2, Windows 2000 SP4, Windows 2003 SP1 and all editions and all earlier service packs. |
Recommended ActionsApply the security patch to the system as given in the Microsoft Security Bulletin MS05-039. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2005-1983 |
Reference/shttp://www.securityfocus.com/bid/14513 (BugTraq)http://archives.neohapsis.com/archives/vulndiscuss/2005-q3/0006.html http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx (MS-ID) |
