Microsoft Windows USB device driver buffer overflow
| windows-usb-device-bo (21539) |  High Risk |
Description:
A Microsoft Windows Universal Serial Bus (USB) device driver is vulnerable to a buffer overflow. A local attacker with physical access to the system could attach a specially programmed USB device to cause a buffer overflow. A local attacker could exploit this vulnerability to cause a denial of service or possibly execute arbitrary code on the system.
Consequences:
Gain Access
Remedy:
No remedy available as of February 6, 2010.
References:
- BID-14376: Microsoft Windows Unspecified USB Driver Buffer Overflow Vulnerability
- CVE-2005-2388: Buffer overflow in a certain USB driver, as used on Microsoft Windows, allows attackers to execute arbitrary code.
- OSVDB ID: 18493: Microsoft Windows USB Device Driver Overflow
- SA16210: Microsoft Windows Unspecified USB Device Driver Vulnerability
- SECTRACK ID: 1014566: Windows Buffer Overflow in Unspecified USB Device Driver Lets Physically Local Users Execute Arbitrary Code
Platforms Affected:
- Microsoft Windows 2000
- Microsoft Windows 2003 Server
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows Me
- Microsoft Windows NT 4.0
- Microsoft Windows XP
- Various vendors USB (Universal Serial Bus) devices
Reported:
Jul 27, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net