Microsoft Windows XP UPnP Remote Memory Corruption

2007-04-10T14:03:47
ID OSVDB:34010
Type osvdb
Reporter Greg MacManus
Modified 2007-04-10T14:03:47

Description

Vulnerability Description

A remote overflow exists in Windows XP. The Universal Plug and Play component fails to properly check boundary conditions when parsing certain HTTP headers, resulting in a stack-based overflow. With a specially crafted HTTP request, an attacker can cause code execution with Local Service privileges, resulting in a loss of integrity.

Technical Description

To exploit this vulnerability, an attacker must be on the same subnet as the target system.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

References:

Vendor URL: http://www.microsoft.com
Security Tracker: 1017895
Secunia Advisory ID: 24822
Other Advisory URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=509
News Article: http://www.infoworld.com/article/07/04/10/HNmspathceswindowsserverflaws_1.html
Microsoft Security Bulletin: MS07-019
Microsoft Knowledge Base Article: 931261
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-04/0159.html
Keyword: TCP port 2869
Keyword: UDP port 1900
Keyword: MS07-019
ISS X-Force ID: 33268
FrSIRT Advisory: ADV-2007-1323
CVE-2007-1204
Bugtraq ID: 23371