Description
This indicates a possible attempt to exploit a stack-based buffer overflow vulnerability in the Plug and Play service of Microsoft Windows.
A buffer overflow vulnerability has been reported in the Microsoft Windows Plug and Play (PnP) service that may allow an attacker to execute arbitrary code on vulnerable systems. The PnP service fails to properly bounds-check messages containing excessive data. A successful exploit of this vulnerability could lead to arbitrary code execution, giving the attacker SYSTEM privileges. This exploit is used by the Zotob (aka Mytob) worm.

Impact
System compromise: remote code execution.

Affected Products
Microsoft Windows XP Professional SP2, Windows 2000 SP4 and Windows 2003 SP1, including all editions and all earlier service packs.

Aliases
-TAG.SMB.DCERPC.PnP.Bind.445
-TAG.SMB.DCERPC.PnP.Bind.139
SMB.DCERPC.PnP.Buffer.Overflow.139.B
-TAG.SMB.DCERPC.PnP.Bind.Ack.445
-TAG.SMB.DCERPC.PnP.Bind.Ack.139
SMB.DCERPC.PnP.Buffer.Overflow.445.A
SMB.DCERPC.PnP.Buffer.Overflow.445.C
SMB.DCERPC.PnP.Buffer.Overflow.445.D
SMB.DCERPC.PnP.Buffer.Overflow.139.A
SMB.DCERPC.PnP.Buffer.Overflow.139.C
SMB.DCERPC.PnP.Buffer.Overflow.139.D
SMB.DCERPC.PnP.Buffer.Overflow.445.B

References
http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx
http://www.securityfocus.com/bid/14513
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1983
http://archives.neohapsis.com/archives/vulndiscuss/2005-q3/0006.html

Recommended Actions
Apply the security patch given in Microsoft Security Bulletin MS05-039.