Vulnerability:Win/PNP.UMPNPMGR.RCE!CVE-2005-2120

Severity rating
Important

Class/Type
Vulnerability

Discovered date
2005-10-11T00:00:00

Attack vector
Remote

Authentication required
No

Public exploits available
No

Signature detection
Medium






Description

A remote code execution and local elevation of privilege vulnerability exists in Plug and Play that could allow an authenticated attacker who successfully exploited this vulnerability to take complete control of the affected system.



Impact

An authenticated attacker who successfully exploited this vulnerability could take complete control of the affected system.



Technical details (analysis)

Plug and Play (PnP) allows the operating system to detect new hardware when you install it on a system. For example, when you install a new mouse on your system, PnP allows Windows to detect it, allows Windows to load the needed drivers, and allows Windows to begin using the new mouse.

On Windows 2000 and Windows XP Service Pack 1, an authenticated attacker could try to exploit the vulnerability by creating a specially crafted network message and sending the message to an affected system. The message could then cause the affected system to execute code. In certain Windows XP configurations, anonymous users could authenticate as the Guest account. For more information, see Microsoft Security Advisory 906574. To try to exploit this vulnerability on Windows XP Service Pack 2, an attacker must be able to log on locally to a system and could then run a specially crafted application.

This is a remote code execution and local privilege elevation vulnerability. On Windows 2000 and Windows XP Service Pack 1, an authenticated user could remotely try to exploit this vulnerability. On Windows XP Service Pack 2, only an administrator can remotely access the affected component. Therefore, on Windows XP Service Pack 2, this is strictly a local privilege elevation vulnerability. An anonymous user cannot remotely attempt to exploit this vulnerability on Windows XP Service Pack 2. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.



Affected software

Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2



Non-affected software

Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)



References




Solutions




NIS signature

Name: Vulnerability:Win/PNP.UMPNPMGR.RCE!CVE-2005-2120
Release Date: 2005-10-11T00:00:00



Known false positives

No known false positives at this time.



Work-arounds

Block TCP ports 139 and 445 at the firewall
To help protect from network-based attempts to exploit this vulnerability, use a personal firewall, such as the Internet Connection Firewall, which is included with Windows XP Service Pack 1.
To help protect from network-based attempts to exploit this vulnerability, enable advanced TCP/IP filtering on systems that support this feature.