VDB

CVE-2005-2120

CVE-2005-2120 PUBLISHED CVSS 6.5 MEDIUM

Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.

EPSS 75.73% · 98.9th percentile

Risk Scores

CVSS 2.0
6.5
EPSS Score
75.73%
98.9th percentile

Affected Products

VendorProductVersions
microsoftwindows_xp
n/an/a*
microsoftwindows_2000

Timeline

  • Oct 13, 2005 CVE Published
  • May 29, 2018 PoC Published
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • Jul 12, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Dec 18, 2022 EPSS Score
  • Feb 9, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 25, 2023 EPSS Score
  • May 25, 2023 EPSS Score
  • Sep 3, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›