Summary
Unchecked Buffer in Universal Plug and Play Can
Lead to System Compromise for Windows XP (Q315000)
By sending a specially-malformed NOTIFY directive, it would be possible for an attacker to cause code to run in the context of the UPnP service, which
runs with system privileges on Windows XP.
The UPnP implementations do not adequately
regulate how it performs this operation, and this
gives rise to two different denial-of-service
scenarios. (CVE-2001-0877)
See http://www.microsoft.com/technet/security/bulletin/ms01-059.mspx
Severity
Classification
-
CVE CVE-2001-0876 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Message Queuing Remote Code Execution Vulnerability (951071) - Remote
- Microsoft DHTML Editing Component ActiveX Remote Code Execution Vulnerability (956844)
- Microsoft Comctl32 Integer Overflow Vulnerability (2864058)
- ADODB.Stream object from Internet Explorer (KB870669)
- Cumulative Security Update for Internet Explorer (931768)