|
|
|||
| Rule General Information |
|---|
| Release Date: | 2016-01-08 | |
| Rule Name: | Microsoft Windows Universal Plug and Play Service Remote Code Execution Vulnerability -3 (CVE-2007-1204) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in Microsoft Windows XP SP2 allows remote attackers on the same subnet to execute arbitrary code via crafted HTTP headers in request or notification messages, which trigger memory corruption. | |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows | |
| Reference: | MicrosoftSecurityBulletin:ms07-019 SecurityFocusBID:23371 SecurityTrackerID:1017895 |
|
| Solutions |
|---|
| Microsoft has released a patch MS07-019 to eliminate the vulnerability. The patch can be downloaded at http://www.microsoft.com/technet/security/bulletin/ms07-019.mspx |