Microsoft Windows Plug and Play Registry Key Access Buffer Overflow
Gravedad: Medio
Identificadores de CVE : CVE-2005-2120
Fecha recomendada: 21 de julio de 2015
Descripción
Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
Revelación de la información
Apply associated Trend Micro DPI Rules.
Soluciones
Trend Micro Deep Security DPI Rule Number: 1000391
Trend Micro Deep Security DPI Rule Name: 1000391 - Microsoft Windows Plug and Play Registry Key Access Buffer Overflow
Software y versión afectados
- Microsoft Windows 2000 SP4
- Microsoft Windows XP SP1
- Microsoft Windows XP SP2