6.5
CVE-2005-2120
- EPSS 63.06%
- Veröffentlicht 13.10.2005 10:02:00
- Zuletzt bearbeitet 16.06.2026 22:14:18
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Windows 2000 Updatesp4 Langfr
Microsoft ≫ Windows Xp Updatesp1 Editiontablet_pc
Microsoft ≫ Windows Xp Updatesp2 Editiontablet_pc
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 63.06% | 0.991 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
http://secunia.com/advisories/17223
http://secunia.com/advisories/17172
http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf
http://www.us-cert.gov/cas/techalerts/TA05-284A.html
http://secunia.com/advisories/17166
http://securityreason.com/securityalert/71
http://securitytracker.com/id?1015042
http://www.eeye.com/html/research/advisories/AD20051011c.html
http://www.kb.cert.org/vuls/id/214572
http://www.osvdb.org/18830
http://www.securityfocus.com/bid/15065
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-047
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1244
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1328
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1519