Windows Plug and Play buffer overflow

Added: 03/03/2006
CVE: CVE-2005-1983
BID: 14513
OSVDB: 18605

Background

The Windows Plug and Play service allows Windows operating systems to automatically detect and configure a new hardware device, such as a mouse.

Problem

A buffer overflow in the Plug and Play service could allow command execution with administrative privileges.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 05-047.

References

http://www.microsoft.com/technet/security/bulletin/MS05-039.mspx

Limitations

Remote, uncredentialed command execution is not possible on Windows XP or Windows Server 2003.

Successful exploitation may cause the target to reboot after disconnection.

Platforms

Windows

Back to exploit index