Vulnerability Description
Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2000 | All versions |
| Microsoft | Windows Xp | All versions |
References
- http://secunia.com/advisories/17166PatchVendor Advisory
- http://secunia.com/advisories/17172
- http://secunia.com/advisories/17223
- http://securityreason.com/securityalert/71
- http://securitytracker.com/id?1015042Patch
- http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf
- http://www.eeye.com/html/research/advisories/AD20051011c.htmlPatchVendor Advisory
- http://www.kb.cert.org/vuls/id/214572Third Party AdvisoryUS Government Resource
- http://www.osvdb.org/18830
- http://www.securityfocus.com/bid/15065ExploitPatch
- http://www.us-cert.gov/cas/techalerts/TA05-284A.htmlThird Party AdvisoryUS Government Resource
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-04
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2005-2120?
CVE-2005-2120 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary cod...
How severe is CVE-2005-2120?
CVE-2005-2120 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-2120?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Windows Xp.