Microsoft Windows Plug and Play Registry Key Access Buffer Overflow
Schweregrad:: Mittel
CVE Kennungen:: CVE-2005-2120
Hinweisdatum: 21 Juli 2015
Beschreibung
Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
Trend Micro Lösungen
Apply associated Trend Micro DPI Rules.
Lösungen
Trend Micro Deep Security DPI Rule Number: 1000391
Trend Micro Deep Security DPI Rule Name: 1000391 - Microsoft Windows Plug and Play Registry Key Access Buffer Overflow
Betroffene Software und Version:
- Microsoft Windows 2000 SP4
- Microsoft Windows XP SP1
- Microsoft Windows XP SP2