search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Microsoft Plug and Play fails to properly validate user supplied data

Vulnerability Note VU#214572

Original Release Date: 2005-10-11 | Last Revised: 2005-10-27

Overview

Microsoft Plug and Play contains a flaw in message buffer handling that may result in local or remote arbitrary code execution or a denial-of-service condition.

Description

The following is from the Microsoft Plug and Play description:


    Plug and Play (PnP) allows the operating system to detect new hardware when you install it on a system. For example, when you install a new mouse on your system, PnP allows Windows to detect it, allows Windows to load the needed drivers, and allows Windows to begin using the new mouse.
The Plug and Play service in Microsoft Windows contains a buffer overflow that may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

A flaw in the methods used to validate user data in the Windows Plug and Play system may allow a remote, authenticated user to execute arbitrary code on some platforms. Note that on other platforms, the user must be a local, authenticated user and that the flaw cannot be exploited remotely.

This vulnerability is similar to the issue reported in MS05-039 (VU#998653). However, the issue reported in MS05-047 (VU#214572) is only exploitable by remote, authenticated attackers on Windows 2000 and Windows XP SP1, and is only exploitable by local, authenticated users on Windows XP SP2.

Proof of concept exploit code has been made public, with the implication that this is being routinely exploited.

Impact

A remote, authenticated user may be able to execute arbitrary code.

Solution

Apply an update
Please see Microsoft Security Bulletin MS05-047 for more information.

Vendor Information

214572
 
Affected   Unknown   Unaffected

Microsoft Corporation

Updated:  October 11, 2005

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see Microsoft Security Bulletin MS05-047 for more information.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Acknowledgements

Microsoft reported this vulnerability, and in turn thank eEye Digital Security for information on the issue.

This document was written by Ken MacInnis.

Other Information

CVE IDs: CVE-2005-2120
Severity Metric: 30.98
Date Public: 2005-10-11
Date First Published: 2005-10-11
Date Last Updated: 2005-10-27 15:13 UTC
Document Revision: 9

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.