Microsoft Plug and Play fails to properly validate user supplied data

Overview

Microsoft Plug and Play contains a flaw in message buffer handling that may result in local or remote arbitrary code execution or a denial-of-service condition.

Description

The following is from the Microsoft Plug and Play description:

Plug and Play_ (PnP) allows the operating system to detect new hardware when you install it on a system. For example, when you install a new mouse on your system, PnP allows Windows to detect it, allows Windows to load the needed drivers, and allows Windows to begin using the new mouse._The Plug and Play service in Microsoft Windows contains a buffer overflow that may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

A flaw in the methods used to validate user data in the Windows Plug and Play system may allow a remote, authenticated user to execute arbitrary code on some platforms. Note that on other platforms, the user must be a local, authenticated user and that the flaw cannot be exploited remotely.

This vulnerability is similar to the issue reported in MS05-039 (VU#998653). However, the issue reported in MS05-047 (VU#214572) is only exploitable by remote, authenticated attackers on Windows 2000 and Windows XP SP1, and is only exploitable by local, authenticated users on Windows XP SP2.

Proof of concept exploit code has been made public, with the implication that this is being routinely exploited.

Impact

A remote, authenticated user may be able to execute arbitrary code.

---

Solution

Apply an update
Please see Microsoft Security Bulletin MS05-047 for more information.

---

Vendor Information

214572

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Microsoft Corporation __ Affected

Updated: October 11, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see Microsoft Security Bulletin MS05-047 for more information.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23214572 Feedback>).

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

• <http://www.microsoft.com/technet/security/Bulletin/MS05-047.mspx&gt;
• <http://www.eeye.com/html/research/advisories/AD20051011c.html&gt;

Acknowledgements

Microsoft reported this vulnerability, and in turn thank eEye Digital Security for information on the issue.

This document was written by Ken MacInnis.

Other Information

CVE IDs:	CVE-2005-2120
Severity Metric:	30.98 Date Public: