CVE-2005-2120
Description
Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
Risk Information
Base Score
8.8
MODERATE
Vector
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
75.725
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Security Update for Windows 2000 (KB905749) | Windows |
| Security Update for Windows XP (KB905749) | Windows |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234