CyberSec.Space Logo
Back to CVE Browser

CVE-2005-1983

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0030%
EPSS Percentile32.27th
PublishedAug 10, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.

Affected Platforms (CPE)

πŸ’»
Microsoft

Windows 2000

All versions
πŸ’»
Microsoft

Windows Xp

All versions

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0384.html
πŸ”— http://secunia.com/advisories/16372
πŸ”— http://securitytracker.com/id?1014640
πŸ”— http://www.ciac.org/ciac/bulletins/p-266.shtml
πŸ”— http://www.frsirt.com/english/alerts/20050814.ZotobA.php
πŸ”— http://www.hsc.fr/ressources/presentations/null_sessions/
πŸ”— http://www.kb.cert.org/vuls/id/998653
πŸ”— http://www.osvdb.org/18605

Related Vulnerabilities

CVE-2000-103410.0

Buffer overflow in the System Monitor ActiveX control in Windows 2000 allows remote attackers to execute arbitrary commands via a ...

CVE-2000-006110.0

Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document h...

CVE-2000-022210.0

The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote ...

CVE-2000-107110.0

The GUI installation for iCal 2.1 Patch 2 disables access control for the X server using an "xhost +" command, which allows remote...