Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:5FF736F5EAC824BEFB3C534FCFA9B449
HistoryMar 03, 2006 - 12:00 a.m.

Windows Plug and Play buffer overflow

2006-03-0300:00:00
SAINT Corporation
my.saintcorporation.com
17

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

JSON

Added: 03/03/2006
CVE: CVE-2005-1983
BID: 14513
OSVDB: 18605

Background

The Windows Plug and Play service allows Windows operating systems to automatically detect and configure a new hardware device, such as a mouse.

Problem

A buffer overflow in the Plug and Play service could allow command execution with administrative privileges.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 05-047.

References

<http://www.microsoft.com/technet/security/bulletin/MS05-039.mspx&gt;

Limitations

Remote, uncredentialed command execution is not possible on Windows XP or Windows Server 2003.

Successful exploitation may cause the target to reboot after disconnection.

Platforms

Windows

Related

cert 1
saint 3
nessus 2
cvelist 1
securityvulns 2
canvas 1
packetstorm 1
seebug 1
checkpoint_advisories 1
cve 1
nvd 1
cert
cert
Microsoft Plug and Play contains a buffer overflow vulnerability
2005-08-09 00:00:00
saint
saint
Windows Plug and Play buffer overflow
2006-03-03 00:00:00
Windows Plug and Play buffer overflow
2006-03-03 00:00:00
Windows Plug and Play buffer overflow
2006-03-03 00:00:00
nessus
nessus
MS05-039: Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588)
2005-08-09 00:00:00
MS05-039: Vulnerability in Plug and Play Service Could Allow Remote Code Execution (899588) (uncredentialed check)
2005-08-09 00:00:00
cvelist
cvelist
CVE-2005-1983
2005-08-10 04:00:00
securityvulns
securityvulns
indows Plug and Play Remote Compromise
2005-08-09 00:00:00
Microsoft Security Bulletin MS05-039 Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege &#40;899588&#41;
2005-08-09 00:00:00
canvas
canvas
Immunity Canvas: MS05_039
2005-08-10 04:00:00
packetstorm
packetstorm
Microsoft Plug and Play Service Overflow
2009-11-26 00:00:00
seebug
seebug
MS Windows Plug-and-Play Service Remote Universal Exploit (MS05-039)
2005-08-12 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows Plug and Play Service Buffer Overflow (MS05-039; CVE-2005-1983)
2005-08-16 00:00:00
cve
cve
CVE-2005-1983
2005-08-10 04:00:00
nvd
nvd
CVE-2005-1983
2005-08-10 04:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

JSON
Related for SAINT:5FF736F5EAC824BEFB3C534FCFA9B449
cert1saint3nessus2cvelist1securityvulns2canvas1packetstorm1seebug1checkpoint_advisories1cve1nvd1