6.5

CVE-2005-2120

Exploit
Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows 2000 Updatesp4 Langfr
MicrosoftWindows Xp Updatesp1 Editiontablet_pc
MicrosoftWindows Xp Updatesp2 Editiontablet_pc
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 63.06% 0.991
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/17223
http://secunia.com/advisories/17172
http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf
http://www.us-cert.gov/cas/techalerts/TA05-284A.html
Third Party Advisory
US Government Resource
http://secunia.com/advisories/17166
Patch
Vendor Advisory
http://securityreason.com/securityalert/71
http://securitytracker.com/id?1015042
Patch
http://www.eeye.com/html/research/advisories/AD20051011c.html
Patch
Vendor Advisory
http://www.kb.cert.org/vuls/id/214572
Third Party Advisory
US Government Resource
http://www.osvdb.org/18830
http://www.securityfocus.com/bid/15065
Patch
Exploit
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-047
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1244
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1328
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1519