|
Microsoft Windows Unspecified USB Device Driver Vulnerability
|
|
Secunia Advisory:
|
SA16210
|
|
|
Release Date:
|
2005-07-27
|
|
Popularity:
|
29,559 views
|
|
|
Critical:
|
 Less critical
|
|
Impact:
|
System access
|
|
Where:
|
Local system
|
|
Solution Status:
|
Unpatched
|
|
| OS: | Microsoft Windows 2000 Advanced Server Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000 Professional Microsoft Windows 2000 Server Microsoft Windows 98 Microsoft Windows 98 Second Edition Microsoft Windows Millenium Microsoft Windows Server 2003 Datacenter Edition Microsoft Windows Server 2003 Enterprise Edition Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Web Edition Microsoft Windows XP Home Edition Microsoft Windows XP Professional
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| CVE reference: | CVE-2005-2388
|
|
Description: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people with physical access to a vulnerable system to compromise it.
The vulnerability is caused due to an unspecified boundary error in a USB device driver and can be exploited to cause a buffer overflow via a specially crafted USB device.
Successful exploitation allows execution of arbitrary code with SYSTEM privileges, but requires physical access to a vulnerable system
Solution: Restrict physical access to vulnerable systems.
Disable USB support.
Provided and/or discovered by: SPI Dynamics
Changelog: 2005-07-27: Removed Windows NT 4.0 as affected, as it doesn't support USB.
Original Advisory: eWeek:
http://www.eweek.com/article2/0,1759,1840131,00.asp
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|