| Patch Name : |
WindowsXP-KB931261-x86-ENU.exe |
| Patch Description : |
Security Update for Windows XP (KB931261) |
| Bulletin Id : |
MS07-019 |
| Bulletin Title : |
Vulnerability in Universal Plug and Play Could Allow Remote Code Execution (931261) |
| KnowledgeBase : | 931261 |
| Severity : |
Critical |
| Location Path : | WindowsXP-KB931261-x86-ENU.exe |
| Bulletin Summary: |
A remote code execution vulnerability exists in the Universal Plug and Play (UPnP) service in the way that it handles specially crafted HTTP requests. These HTTP requests could only be sent directly to a target computer by an attacker on the same subnet. The Windows XP firewall and the protocol enforce this subnet restriction. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the Local Service account. |
| Superceding Bulletin Id : |
None |
| Patch Release Date : |
Apr 10, 2007 |
| CVE Id : | CVE-2007-1204 |
| Affected Product Information |
|
| Product Name |
Service Pack Name |
| Windows XP Professional | Windows XP Service Pack 2 |
|
| File changes |
|
| File Path |
Version |
| %windir%\system32\Upnphost.dll | 5.1.2600.3077 |
|
| Registry changes |
|
| Registry Path |
Key Name |
Key Value |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB931261 | | -2 |
|
