| Vulnerability Name: | CCN-19705 | ||||||
| Published: | 2005-04-12 | ||||||
| Updated: | 2005-04-12 | ||||||
| Summary: | Plug and Play Service implementations contain a buffer overflow that could allow a remote attacker to execute arbitrary code. Microsoft Windows could allow a remote or local attacker to execute arbitrary code caused by a buffer overflow in the Plug and Play service. An attacker could send a specially-crafted message to an affected system to overflow the buffer and execute arbitrary code on the system or obtain elevated privileges on the system. The level of risk and whether the overflow can be exploited remotely or locally is dependent on the type of operating system. | ||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||
| CVSS v2 Severity: | 7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||
| Vulnerability Consequences: | Gain Access | ||||||
| References: | Source: CCN Type: Internet Security Systems Protection Advisory August 9, 2005 Windows Plug and Play Remote Compromise Source: CCN Type: Internet Security Systems Protection Alert August 9, 2005 Multiple Microsoft Vulnerabilities - August 2005 Source: XF Type: UNKNOWN plugandplay-overflow(19705) Source: CCN Type: IBM Internet Security Systems X-Force Database Microsoft Windows Plug and Play buffer overflow | ||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
| BACK | |||||||