NASLDB: MS05-047: Plug and Play Remote Code Execution and Local Privilege Elevation (905749) (uncredentialed check)
General
ID: 21193
Name: MS05-047: Plug and Play Remote Code Execution and Local Privilege Elevation (905749) (uncredentialed check)
Summary: Determines the presence of update 905749
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: –
Port: 139
Family: Windows
Type: Local
Description
The remote host contains a version of the Plug and Play service that
contains a vulnerability in the way it handles user-supplied data.
An authenticated attacker may exploit this flaw by sending a malformed
RPC request to the remote service to execute code with SYSTEM
privileges.
Note that authentication is not required against Windows 2000 if the
MS05-039 patch is missing.
Exploiting
Exploit Available: True
Exploitability Ease: Exploits are available
Sources
CVE: CVE-2005-2120
OSVDB: 18830
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: 2005/10/12
Patch Release: 2005/10/11
Plugin Release: 2007/03/12
Plugin
Version: 1.22
Filename: smb_kb905749.nasl
Filesize: 3848 bytes
MD5 Hash: 67dd29a01e2bf0d494aa832251d32c7f
Identification: Host/OS/smb
Require Keys: Host/OS/smb
Dependencies: "smb_nativelanman.nasl","smb_login.nasl"
Copyright: This script is Copyright © 2007-2012 Tenable Network Security, Inc.