Microsoft Windows Plug and Play Registry Key Access Buffer Overflow
危険度: 中
CVE識別番号: CVE-2005-2120
情報公開日: 7 21, 2015
概要
Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
トレンドマイクロの対策
Apply associated Trend Micro DPI Rules.
対応方法
Trend Micro Deep Security DPI Rule Number: 1000391
Trend Micro Deep Security DPI Rule Name: 1000391 - Microsoft Windows Plug and Play Registry Key Access Buffer Overflow
影響を受けるソフトウェア
- Microsoft Windows 2000 SP4
- Microsoft Windows XP SP1
- Microsoft Windows XP SP2