Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in Microsoft Windows XP SP2 allows remote attackers on the same subnet to execute arbitrary code via crafted HTTP headers in request or notification messages, which trigger memory corruption.
labs.idefense.com/intelligence/vulnerabilities/display.php?id=509
secunia.com/advisories/24822
www.osvdb.org/34010
www.securityfocus.com/archive/1/466331/100/200/threaded
www.securityfocus.com/bid/23371
www.securitytracker.com/id?1017895
www.vupen.com/english/advisories/2007/1323
docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-019
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2049