Vulnerabilities > CVE-2005-4696 - Information Disclosure vulnerability in Microsoft Windows Wireless Zero Configuration Service
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
The Microsoft Wireless Zero Configuration system (WZCS) stores WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key in plaintext in memory of the explorer process, which allows attackers with access to process memory to steal the keys and access the network.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 4 |
Exploit-Db
| description | Microsoft Windows XP Wireless Zero Configuration Service Information Disclosure Vulnerability. CVE-2005-4696 . Local exploit for windows platform |
| file | exploits/windows/local/26323.cpp |
| id | EDB-ID:26323 |
| last seen | 2016-02-03 |
| modified | 2005-10-04 |
| platform | windows |
| port | |
| published | 2005-10-04 |
| reporter | Laszlo Toth |
| source | https://www.exploit-db.com/download/26323/ |
| title | Microsoft Windows XP Wireless Zero Configuration Service Information Disclosure Vulnerability |
| type | local |
References
- http://archives.neohapsis.com/archives/bugtraq/2005-10/0016.html
- http://secunia.com/advisories/17064
- http://securityreason.com/securityalert/46
- http://www.osvdb.org/19873
- http://www.securityfocus.com/bid/15008
- http://www.soonerorlater.hu/index.khtml?article_id=62
- http://www.vupen.com/english/advisories/2005/1970
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22524
- https://www.exploit-db.com/exploits/26323/