PT-2001-2040 · Microsoft · Windows+1

Published

2001-12-20

·

Updated

2018-10-12

·

CVE-2001-0876

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Windows versions 98, 98SE, ME, and XP
Description A buffer overflow issue in the Universal Plug and Play (UPnP) component allows remote attackers to execute arbitrary code. This is achieved by sending a NOTIFY directive with a long Location URL.
Recommendations For Windows 98, 98SE, ME, and XP, apply the necessary patch or configuration change to fix the buffer overflow issue in the UPnP component. As a temporary workaround, consider disabling the UPnP service until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

CVE-2001-0876

Affected Products

Universal Plug/Play
Windows