Vulnerabilities > CVE-2005-3644 - Resource Management Errors vulnerability in Microsoft Windows 2000 and Windows XP

047910
CVSS 7.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
network
low complexity
microsoft
CWE-399
exploit available

Summary

PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120.

Vulnerable Configurations

Part Description Count
OS
Microsoft
13

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionMS Windows 2k UPNP (getdevicelist) Memory Leak DoS Exploit. CVE-2005-3644. Dos exploit for windows platform
fileexploits/windows/dos/1328.c
idEDB-ID:1328
last seen2016-01-31
modified2005-11-16
platformwindows
port
published2005-11-16
reporterWinny Thomas
sourcehttps://www.exploit-db.com/download/1328/
titleMicrosoft Windows 2000 - UPNP getdevicelist Memory Leak DoS Exploit
typedos