ID CVE-2005-1983
Summary Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
CVSS
Base: 10.0 (as of 12-10-2018 - 21:36)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
  • accepted 2011-05-09T04:00:02.722-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    description Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
    family windows
    id oval:org.mitre.oval:def:100073
    status accepted
    submitted 2005-08-16T12:00:00.000-04:00
    title Windows XP (64-bit) PnP Buffer Overflow
    version 66
  • accepted 2016-02-19T10:00:00.000-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
    family windows
    id oval:org.mitre.oval:def:160
    status accepted
    submitted 2006-09-22T05:40:00.000-04:00
    title Windows Server 2003 Plug and Play Buffer Overflow Vulnerability
    version 68
  • accepted 2016-02-19T10:00:00.000-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
    family windows
    id oval:org.mitre.oval:def:267
    status accepted
    submitted 2006-09-22T05:40:00.000-04:00
    title Windows XP Plug and Play Buffer Overflow Vulnerability
    version 69
  • accepted 2016-02-19T10:00:00.000-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
    family windows
    id oval:org.mitre.oval:def:474
    status accepted
    submitted 2006-09-22T05:40:00.000-04:00
    title Windows 2000 Plug and Play Buffer Overflow Vulnerability
    version 66
  • accepted 2016-02-19T10:00:00.000-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
    family windows
    id oval:org.mitre.oval:def:497
    status accepted
    submitted 2006-09-22T05:40:00.000-04:00
    title Windows XP,SP2 Plug and Play Buffer Overflow Vulnerability
    version 71
  • accepted 2016-02-19T10:00:00.000-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
    family windows
    id oval:org.mitre.oval:def:783
    status accepted
    submitted 2006-09-22T05:40:00.000-04:00
    title Windows Server 2003 Plug and Play Buffer Overflow Vulnerability
    version 70
refmap via4
bid 14513
cert TA05-221A
cert-vn VU#998653
ciac P-266
fulldisc 20050811 Windows 2000 universal exploit for MS05-039
iss 20050809 Windows Plug and Play Remote Compromise
misc
ms MS05-039
osvdb 18605
sectrack 1014640
secunia 16372
vupen ADV-2005-1354
xf win-plugandplay-bo(21602)
saint via4
bid 14513
description Windows Plug and Play buffer overflow
id win_patch_plugplay
osvdb 18605
title windows_plug_play
type remote
Last major update 12-10-2018 - 21:36
Published 10-08-2005 - 04:00
Back to Top