| VID |
26162 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The hotfix (KB899588) for 'Remote Code Execution Vulnerability in Plug and Play' seems not to have been applied. Plug and Play (PnP) allows the operating system to detect new hardware when you install it on a system. Microsoft Windows 2000, Windows XP and Windows Server 2003 could allow a remote attacker to execute arbitrary code on the system, caused by a buffer overflow in the Plug and Play service. On Windows 2000, an anonymous attacker could try to exploit the vulnerability by creating a specially crafted message and sending the message to an affected system. The message could then cause the affected system to execute code. This would be possible remotely on Windows XP Service Pack 1 from authenticated users only. On Windows XP Service Pack 2 and Windows Server 2003, to try to exploit the vulnerability, an attacker must be able to log on locally to a system and could then run a specially crafted application.
* Note: This check is able to check for the Windows 2000 platforms only.
* References:
http://www.microsoft.com/technet/security/bulletin/ms05-039.mspx
http://xforce.iss.net/xforce/alerts/id/202
* Platforms Affected:
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows Server 2003 Service Pack 1 |
| Recommendation |
Apply the appropriate patch (KB899588) for your system, as listed in Microsoft Security Bulletin MS05-039 at http://www.microsoft.com/technet/security/bulletin/ms05-039.mspx
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com . Windows Update detects what version of Windows you are running and offers the appropriate patch. |
| Related URL |
CVE-2005-1988,CVE-2005-1989,CVE-2005-1990 (CVE) |
| Related URL |
14511,14512,14515 (SecurityFocus) |
| Related URL |
21701,21702,21703 (ISS) |
|
