|
Family: Windows : Microsoft Bulletins --> Category: infos
Unchecked Buffer in Universal Plug and Play can Lead to System Compromise Vulnerability Scan
Vulnerability Scan Summary Acertains the presence of hotfix Q315000
Detailed Explanation for this Vulnerability Test
Synopsis :
The Universal Plug and Play service on the remote host is prone to
denial of service and buffer overflow attacks.
Description :
Using a specially-crafted NOTIFY directive, a remote attacker can
cause code to run in the context of the Universal Plug and Play, UPnP,
subsystem or possibly lead to a denial of service attack against the
affected host. Note that under Windows XP, the UPnP subsystem
operates with SYSTEM rights.
Solution :
Microsoft has released a set of patches for Windows 98, 98SE, ME, and XP :
http://www.microsoft.com/technet/security/bulletin/ms01-059.mspx
Threat Level:
Critical / CVSS Base Score : 10
(AV:R/AC:L/Au:NR/C:C/A:C/I:C/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|