This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
APP:UPNP:MS-UPNP
|
Severity |
Critical
|
Recommended |
No
|
Recommended Action |
Drop
|
Category |
APP
|
Keywords |
Microsoft Universal Plug and Play Invalid Header Overflow
|
Release Date |
2007/04/10
|
Update Number |
1213
|
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
APP: Microsoft Universal Plug and Play Invalid Header Overflow
This signature detects attempts to exploit a known vulnerability in Microsoft Windows Universal Plug and Play. A successful attack can lead to a buffer overflow and arbitrary remote code execution resulting in full control of the target system.
Extended Description
Microsoft Windows is prone to a remote stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. This occurs when handling certain HTTP requests.
To exploit this issue, an attacker must be in the same network segment as the victim.
Successful exploits may allow attackers to execute arbitrary code with the privileges of the affected service. Failed exploits attempts will likely result in denial-of-service conditions.
Affected Products
- Avaya agent_access
- Avaya basic_call_management_system_reporting_desktop server
- Avaya basic_call_management_system_reporting_desktop
- Avaya cms_supervisor
- Avaya computer_telephony
- Avaya contact_center_express
- Avaya customer_interaction_express_(cie)_server 1.0
- Avaya customer_interaction_express_(cie)_user_interface 1.0
- Avaya cvlan
- Avaya enterprise_management
- Avaya integrated_management
- Avaya interaction_center
- Avaya interaction_center-voice_quick_start
- Avaya ip_agent
- Avaya ip_softphone
- Avaya modular_messaging_(mas)
- Avaya network_reporting
- Avaya octelaccess(r)_server
- Avaya octeldesignertm
- Avaya operational_analyst
- Avaya outbound_contact_management
- Avaya speech_access
- Avaya unified_communication_center
- Avaya unified_communications_center_s3400
- Avaya visual_messenger_tm
- Avaya visual_vector_client
- Avaya vpnmanagertm_console
- Avaya web_messenger
- Microsoft windows_xp
- Microsoft windows_xp_home SP1
- Microsoft windows_xp_home SP2
- Microsoft windows_xp_home
- Microsoft windows_xp_media_center_edition SP1
- Microsoft windows_xp_media_center_edition SP2
- Microsoft windows_xp_media_center_edition
- Microsoft windows_xp_professional SP1
- Microsoft windows_xp_professional SP2
- Microsoft windows_xp_professional
- Microsoft windows_xp_professional_x64_edition SP2
- Microsoft windows_xp_professional_x64_edition
- Microsoft windows_xp_tablet_pc_edition SP1
- Microsoft windows_xp_tablet_pc_edition SP2
- Microsoft windows_xp_tablet_pc_edition
- Nortel_networks enterprise_network_management_system
- Nortel_networks multiservice_data_manager_(operator_client)
References