Summary
Unchecked Buffer in Universal Plug and Play Can
Lead to System Compromise for Windows XP (Q315000)
By sending a specially-malformed NOTIFY directive, it would be possible for an attacker to cause code to run in the context of the UPnP service, which
runs with system privileges on Windows XP.
The UPnP implementations do not adequately
regulate how it performs this operation, and this
gives rise to two different denial-of-service
scenarios. (CVE-2001-0877)
See http://www.microsoft.com/technet/security/bulletin/ms01-059.mspx
Severity
Classification
-
CVE CVE-2001-0876 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Microsoft .NET Common Language Runtime Remote Code Execution Vulnerability (2265906)
- Microsoft Group Policy Remote Code Execution Vulnerability (3000483)
- Cumulative Security Update for Internet Explorer (931768)
- Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (972270)
- Cumulative Security Update for Internet Explorer (939653)