National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2005-1983 Detail

Description

Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.

Source:  MITRE
Description Last Modified:  08/10/2005

Impact

CVSS v2.0 Severity and Metrics:

Base Score: 10.0 HIGH
Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) (V2 legend)
Impact Subscore: 10.0
Exploitability Subscore: 10.0


Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (AU): None
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Additional Information:
Provides administrator access
Allows unauthorized disclosure of information
Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0384.html
http://securitytracker.com/id?1014640
http://www.ciac.org/ciac/bulletins/p-266.shtml
http://www.frsirt.com/english/alerts/20050814.ZotobA.php
http://www.hsc.fr/ressources/presentations/null_sessions/
http://www.kb.cert.org/vuls/id/998653 US Government Resource
http://www.securiteam.com/windowsntfocus/5YP0E00GKW.html
http://www.securityfocus.com/bid/14513
http://www.us-cert.gov/cas/techalerts/TA05-221A.html Patch US Government Resource
http://www.vupen.com/english/advisories/2005/1354
http://xforce.iss.net/xforce/alerts/id/202
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-039
https://exchange.xforce.ibmcloud.com/vulnerabilities/21602
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100073
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A160
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A267
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A474
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A497
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A783

References to Check Content

Identifier:
oval:org.mitre.oval:def:100073
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:100073
Identifier:
oval:org.mitre.oval:def:160
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:160
Identifier:
oval:org.mitre.oval:def:267
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:267
Identifier:
oval:org.mitre.oval:def:474
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:474
Identifier:
oval:org.mitre.oval:def:497
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:497
Identifier:
oval:org.mitre.oval:def:783
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:783

Technical Details

Vulnerability Type (View All)

Change History

4 change records found - show changes

Quick Info

CVE Dictionary Entry:
CVE-2005-1983
NVD Published Date:
08/10/2005
NVD Last Modified:
10/12/2018