CVE-2007-1204

Name of the Vulnerable Software and Affected Versions Microsoft Windows XP SP2

Description A stack-based buffer overflow issue exists in the Universal Plug and Play (UPnP) service, allowing remote attackers on the same subnet to execute arbitrary code via crafted HTTP headers in request or notification messages. This triggers memory corruption. The vulnerability enables an attacker to run arbitrary code in the context of the local service by sending specially crafted HTTP requests.

Recommendations For Microsoft Windows XP SP2, consider disabling the UPnP service as a temporary workaround until a patch is available. Restrict access to the UPnP service to minimize the risk of exploitation. Avoid using the vulnerable UPnP service in the affected HTTP requests until the issue is resolved.