6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.03 Low
EPSS
Percentile
90.9%
Microsoft Plug and Play contains a flaw in message buffer handling that may result in local or remote arbitrary code execution or a denial-of-service condition.
The following is from the Microsoft Plug and Play description:
Plug and Play_ (PnP) allows the operating system to detect new hardware when you install it on a system. For example, when you install a new mouse on your system, PnP allows Windows to detect it, allows Windows to load the needed drivers, and allows Windows to begin using the new mouse._The Plug and Play service in Microsoft Windows contains a buffer overflow that may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
A flaw in the methods used to validate user data in the Windows Plug and Play system may allow a remote, authenticated user to execute arbitrary code on some platforms. Note that on other platforms, the user must be a local, authenticated user and that the flaw cannot be exploited remotely.
This vulnerability is similar to the issue reported in MS05-039 (VU#998653). However, the issue reported in MS05-047 (VU#214572) is only exploitable by remote, authenticated attackers on Windows 2000 and Windows XP SP1, and is only exploitable by local, authenticated users on Windows XP SP2.
A remote, authenticated user may be able to execute arbitrary code.
Apply an update
Please see Microsoft Security Bulletin MS05-047 for more information.
214572
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: October 11, 2005
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see Microsoft Security Bulletin MS05-047 for more information.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23214572 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Microsoft reported this vulnerability, and in turn thank eEye Digital Security for information on the issue.
This document was written by Ken MacInnis.
CVE IDs: | CVE-2005-2120 |
---|---|
Severity Metric: | 30.98 Date Public: |