This is a
candidate for inclusion in
the CVE list, which standardizes names for security
problems. It must be reviewed and accepted by the
CVE Editorial Board
before it can be added into CVE. Therefore, this candidate may be
modified or even rejected in the future.
Name |
CVE-2005-1983 (under review) |
Status |
Candidate |
Description |
Stack-based buffer overflow in the Plug and Play (PnP) service for
Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote
attackers to execute arbitrary code via a crafted packet, and local
users to gain privileges via a malicious application, as exploited by
the Zotob (aka Mytob) worm.
|
References |
- MS:MS05-039
- URL:http://www.microsoft.com/technet/Security/bulletin/ms05-039.mspx
- ISS:20050809 Windows Plug and Play Remote Compromise
- URL:http://xforce.iss.net/xforce/alerts/id/202
- CERT:TA05-221A
- URL:http://www.us-cert.gov/cas/techalerts/TA05-221A.html
- CERT-VN:VU#998653
- URL:http://www.kb.cert.org/vuls/id/998653
- CIAC:P-266
- URL:http://www.ciac.org/ciac/bulletins/p-266.shtml
- MISC:http://www.hsc.fr/ressources/presentations/null_sessions/
- MISC:http://www.securiteam.com/windowsntfocus/5YP0E00GKW.html
- MISC:http://www.frsirt.com/english/alerts/20050814.ZotobA.php
- FULLDISC:20050811 Windows 2000 universal exploit for MS05-039
- URL:http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0384.html
- BID:14513
- URL:http://www.securityfocus.com/bid/14513
- FRSIRT:ADV-2005-1354
- URL:http://www.frsirt.com/english/advisories/2005/1354
- OVAL:OVAL100073
- URL:http://oval.mitre.org/oval/definitions/data/oval100073.html
- SECUNIA:16372
- URL:http://secunia.com/advisories/16372
- SECTRACK:1014640
- URL:http://securitytracker.com/id?1014640
- OSVDB:18605
- URL:http://www.osvdb.org/18605
- XF:win-plugandplay-bo(21602)
- URL:http://xforce.iss.net/xforce/xfdb/21602
|
Phase |
Assigned (20050617) |
Votes |
|
Comments |
|
Note: References
are provided for the convenience of the reader to
help distinguish between vulnerabilities. The list of references is
not intended to be complete.
Candidate assigned on 20050617 and proposed on N/A
You can also search by reference using
reference maps.
Home to cve.mitre.org
For more information, please contact cve@mitre.org.