Microsoft Windows Plug and Play Registry Key Access Buffer Overflow
Gravità: : Medio
Identificatori CVE: CVE-2005-2120
Data notifica: 21 luglio 2015
Descrizione
Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
Informazioni esposizione:
Apply associated Trend Micro DPI Rules.
Soluzioni
Trend Micro Deep Security DPI Rule Number: 1000391
Trend Micro Deep Security DPI Rule Name: 1000391 - Microsoft Windows Plug and Play Registry Key Access Buffer Overflow
Software e versione interessati:
- Microsoft Windows 2000 SP4
- Microsoft Windows XP SP1
- Microsoft Windows XP SP2