National Cyber-Alert System
Vulnerability Summary: CVE-2005-1983
Orirignal release date: 2005-08-10
Source: US-CERT/NIST

Overview

    Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.

Impact

    CVSS Severity: 10 (High)
    Range: local,remote
    Authentication: input buffer="1"
    Impact Type: sec_prot admin="1" user="1"

Reference to Advisories, Solutions, and Tools

Vulnerable Software and Vendor

    Windows 2000 (Microsoft)
    Windows XP (Microsoft)

Technical Details

CVE Standard Vulnerability Entry: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1983