Microsoft Windows USB device driver buffer overflow
| windows-usb-device-bo (21539) |  High Risk |
Description:
A Microsoft Windows Universal Serial Bus (USB) device driver is vulnerable to a buffer overflow. A local attacker with physical access to the system could attach a specially programmed USB device to cause a buffer overflow. A local attacker could exploit this vulnerability to cause a denial of service or possibly execute arbitrary code on the system.
Platforms Affected:
- Microsoft, Windows 2000
- Microsoft, Windows 2003 Server
- Microsoft, Windows 98
- Microsoft, Windows 98SE
- Microsoft, Windows Me
- Microsoft, Windows NT 4.0
- Microsoft, Windows XP
- Various vendors, USB (Universal Serial Bus) devices
Remedy:
No remedy available as of July 4, 2009.
Consequences:
Gain Access
References:
- BID-14376: Microsoft Windows Unspecified USB Driver Buffer Overflow Vulnerability
- CVE-2005-2388: Buffer overflow in a certain USB driver, as used on Microsoft Windows, allows attackers to execute arbitrary code.
- OSVDB ID: 18493: Microsoft Windows USB Device Driver Overflow
- SA16210: Microsoft Windows Unspecified USB Device Driver Vulnerability
- SECTRACK ID: 1014566: Windows Buffer Overflow in Unspecified USB Device Driver Lets Physically Local Users Execute Arbitrary Code
Reported:
Jul 27, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net