VID |
26154 |
Severity |
40 |
Port |
139,445 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
The hotfix (KB899588) for 'Remote Code Execution Vulnerability in Plug and Play' has not been applied. Plug and Play (PnP) allows the operating system to detect new hardware when it is installed on a system. A buffer overflow in the Plug and Play service on Microsoft Windows 2000, Windows XP and Windows Server 2003 could allow a remote attacker to execute arbitrary code on the system. On Windows 2000, an anonymous attacker could try to exploit the vulnerability by sending a specially crafted message to an affected system, which could then cause that system to execute code. On Windows XP Service Pack 1, remote exploitation would be possible only by authenticated users. On Windows XP Service Pack 2 and Windows Server 2003, an attacker must be able to log on locally to the system and run a specially crafted application to try to exploit the vulnerability.
* Note: This check requires an account with Guest or higher privileges that can access the registry of the remote host being scanned. If these conditions are not met, the check is not performed, which results in a false negative for all vulnerable hosts.
* References: http://www.microsoft.com/technet/security/bulletin/ms05-039.mspx http://xforce.iss.net/xforce/alerts/id/202
* Platforms Affected: Microsoft Windows 2000 Service Pack 4; Microsoft Windows XP Service Pack 2; Microsoft Windows Server 2003 Service Pack 1 |
Recommendation |
Apply the appropriate patch (KB899588) for your system, as listed in Microsoft Security Bulletin MS05-039 at http://www.microsoft.com/technet/security/bulletin/ms05-039.mspx
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com. Windows Update detects which version of Windows you are running and offers the appropriate patch. |
Related URL |
CVE-2005-1983 (CVE) |
Related URL |
14513 (SecurityFocus) |
Related URL |
21602,21603 (ISS) |