Vulnerability Description
Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in Microsoft Windows XP SP2 allows remote attackers on the same subnet to execute arbitrary code via crafted HTTP headers in request or notification messages, which trigger memory corruption.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows Xp | All versions |
Related Weaknesses (CWE)
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=509
- http://secunia.com/advisories/24822Vendor Advisory
- http://www.osvdb.org/34010
- http://www.securityfocus.com/archive/1/466331/100/200/threaded
- http://www.securityfocus.com/bid/23371
- http://www.securitytracker.com/id?1017895
- http://www.vupen.com/english/advisories/2007/1323Vendor Advisory
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-01
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=509
- http://secunia.com/advisories/24822Vendor Advisory
- http://www.osvdb.org/34010
- http://www.securityfocus.com/archive/1/466331/100/200/threaded
- http://www.securityfocus.com/bid/23371
- http://www.securitytracker.com/id?1017895
FAQ
What is CVE-2007-1204?
CVE-2007-1204 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in Microsoft Windows XP SP2 allows remote attackers on the same subnet to execute arbitrary code via crafted HTTP headers in r...
How severe is CVE-2007-1204?
CVE-2007-1204 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1204?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows Xp.