Microsoft Windows Universal Plug and Play (UPNP) service vulnerable to buffer overflow via malformed advertisement packets

🗓️ 20 Dec 2001 00:00:00Reported by CERTType

cert

cert🔗 www.kb.cert.org👁 37 Views

Vulnerability in UPnP allows intruder to run arbitrary code on Microsoft Windows systems.

Reporter	Title	Published	Views	Family All 10
CVE	CVE-2001-0876	9 Mar 200205:00	–	cve
Cvelist	CVE-2001-0876	9 Mar 200205:00	–	cvelist
NVD	CVE-2001-0876	20 Dec 200105:00	–	nvd
OpenVAS	Unchecked Buffer in XP upnp	3 Nov 200500:00	–	openvas
OpenVAS	scan for UPNP hosts	3 Nov 200500:00	–	openvas
OpenVAS	Microsoft Windows XP Multiple Vulnerabilities (MS01-059, Q315000)	3 Nov 200500:00	–	openvas
securityvulns	Advisory CA-2001-37 Buffer Overflow in UPnP Service On Microsoft Windows	21 Dec 200100:00	–	securityvulns
securityvulns	Multiple Remote Windows XP/ME/98 Vulnerabilities	21 Dec 200100:00	–	securityvulns
Tenable Nessus	MS01-059: Unchecked Buffer in Universal Plug and Play can Lead to System Compromise (315000)	25 Jan 200200:00	–	nessus
Tenable Nessus	UPnP Client Detection	29 Dec 200100:00	–	nessus

Source	Link
eeye	www.eeye.com/html/Research/Advisories/AD20011220.html
microsoft	www.microsoft.com/technet/security/bulletin/MS01-059.asp
microsoft	www.microsoft.com/Downloads/Release.asp
download	www.download.microsoft.com/download/winme/Update/22940/WinMe/EN-US/314757USAM.EXE
microsoft	www.microsoft.com/Downloads/Release.asp
upnp	www.upnp.org/download/draft_cai_ssdp_v1_03.txt
upnp	www.upnp.org/download/UPnP_Vendor_Implementation_Guide_Jan2001.htm

21 Dec 2001 04:58Current

7.5High risk

Vulners AI Score7.5

CVSS 27.5

EPSS0.78699

buffer overflow universal plug and play microsoft windows exploit arbitrary code execution security patch