Vulnerability Details : CVE-2005-2120
Public exploit exists!
Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2005-2120
- cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-2120
- EPSS score: 13.15% (probability of exploitation activity in the next 30 days)
- Percentile: ~96% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2005-2120
- Microsoft Plug and Play Service Registry Overflow
  First seen: 2020-04-26
  Module: auxiliary/dos/windows/smb/ms05_047_pnp
  This module triggers a stack buffer overflow in the Windows Plug and Play service. This vulnerability can be exploited on Windows 2000 without a valid user account. Since the PnP service runs inside the service.exe process, this module will result in a forc
CVSS scores for CVE-2005-2120
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST | |
References for CVE-2005-2120
- http://www.eeye.com/html/research/advisories/AD20051011c.html
  Patch; Vendor Advisory
- http://www.securityfocus.com/bid/15065
  Microsoft Windows Plug And Play UMPNPMGR.DLL wsprintfW Buffer Overflow Vulnerability
  Exploit; Patch
- http://www.kb.cert.org/vuls/id/214572
  Third Party Advisory; US Government Resource
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-047
- http://securityreason.com/securityalert/71
- http://securitytracker.com/id?1015042
  Patch
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1519
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1244
- http://www.us-cert.gov/cas/techalerts/TA05-284A.html
  Third Party Advisory; US Government Resource
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1328
- http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf