6.5

CVE-2005-2120

Exploit

EPSS 76.2%
Published 13.10.2005 10:02:00
Last modified 03.04.2025 01:03:51
Source secure@microsoft.com
Teams watchlist Login
Open Login

Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.

Affected products Warnungen 0 Metrics 2 CWE 0 References 18

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Windows 2000 Updatesp4 Langfr

Microsoft ≫ Windows Xp Updatesp1 Editiontablet_pc

Microsoft ≫ Windows Xp Updatesp2 Editiontablet_pc

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	76.2%	0.989

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

http://secunia.com/advisories/17223

http://secunia.com/advisories/17172

http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf

http://www.us-cert.gov/cas/techalerts/TA05-284A.html

Third Party Advisory

US Government Resource

http://secunia.com/advisories/17166

Patch

Vendor Advisory

http://securityreason.com/securityalert/71

http://securitytracker.com/id?1015042

Patch

http://www.eeye.com/html/research/advisories/AD20051011c.html

Patch

Vendor Advisory

http://www.kb.cert.org/vuls/id/214572

Third Party Advisory

US Government Resource

http://www.osvdb.org/18830

http://www.securityfocus.com/bid/15065

Patch

Exploit

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-047

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1244

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1328

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1519

https://nvd.nist.gov/vuln/detail/CVE-2005-2120

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-2120

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-2120

EUVD