CVE-2005-2120 Information

Description

Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4 and XP SP1 and SP2 allows remote or local authenticated attackers to execute arbitrary code via a large number of \\ (backslash) characters in a registry key name which triggers the overflow in a wsprintfW function call.

Reference

http://secunia.com/advisories/17166
http://secunia.com/advisories/17172
http://secunia.com/advisories/17223
http://securityreason.com/securityalert/71
http://securitytracker.com/id?1015042
http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf
http://www.eeye.com/html/research/advisories/AD20051011c.html
http://www.kb.cert.org/vuls/id/214572
http://www.osvdb.org/18830
http://www.securityfocus.com/bid/15065
http://www.us-cert.gov/cas/techalerts/TA05-284A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-047
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1244
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1328
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1519
