Lucene search

K
cveMicrosoftCVE-2007-1204
HistoryApr 10, 2007 - 9:19 p.m.

CVE-2007-1204

2007-04-1021:19:00
CWE-119
microsoft
web.nvd.nist.gov
37
cve-2007-1204
stack-based buffer overflow
upnp service
windows xp sp2
remote code execution
crafted http headers
memory corruption
nvd

CVSS2

6.8

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:H/Au:N/C:C/I:C/A:C

AI Score

7.9

Confidence

Low

EPSS

0.903

Percentile

98.9%

Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in Microsoft Windows XP SP2 allows remote attackers on the same subnet to execute arbitrary code via crafted HTTP headers in request or notification messages, which trigger memory corruption.

Affected configurations

Nvd
Node
microsoftwindows_xpsp2
VendorProductVersionCPE
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*

CVSS2

6.8

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:H/Au:N/C:C/I:C/A:C

AI Score

7.9

Confidence

Low

EPSS

0.903

Percentile

98.9%