VDB
CVE-2005-2120
CVE-2005-2120
PUBLISHED
CVSS 6.5 MEDIUM
Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
EPSS 75.73% · 98.9th percentile
Risk Scores
CVSS 2.0
6.5
EPSS Score
75.73%
98.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| microsoft | windows_xp | |
| n/a | n/a | * |
| microsoft | windows_2000 |
Timeline
- Oct 13, 2005 CVE Published
- May 29, 2018 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 25, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Sep 3, 2023 EPSS Score
References
- 71 third-party-advisory
- 15065 vdb
- 17166 third-party-advisory
- MS05-047 vendor-advisory
- http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf url
- 17223 third-party-advisory
- oval:org.mitre.oval:def:1244 vdb
- 1015042 vdb
- AD20051011c third-party-advisory
- 18830 vdb
- 17172 third-party-advisory
- VU#214572 third-party-advisory
- oval:org.mitre.oval:def:1328 vdb
- oval:org.mitre.oval:def:1519 vdb
- TA05-284A third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2005-2120 advisory