CVE Number: MS07-019
Vulnerability: Vulnerability in Universal Plug and Play Could Allow Remote Code Execution (931261)
Product: Microsoft Windows
Severity: Critical
Date: 11-04-2007

Technical Information

Brief overview of the risk:
A remote code execution vulnerability exists in the Universal Plug and Play service in the way that it handles specially crafted HTTP requests. An attacker who has successfully exploited this vulnerability could run arbitrary code in the context of local service.
Detailed Information on the risk:
MS07-019 patches a critical stack overflow in Microsoft Universal Plug and Play (UPNP). The UPNP service listens on UDP port 1900 and TCP port 2869 on computers that have an attached UPNP-capable hardware device, or are running a UPNP-configured service such as Internet Connection Sharing. This stack overflow is easily exploited, providing an attacker with complete control over the victim PC. Further information on this exploit is available at: MS07-019
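
To check whether a host exposes the service described above, the following added example (not part of the original advisory) reads saved Windows `netstat -an` output and reports listeners on UDP 1900 and TCP 2869, noting whether each is bound beyond loopback. The sample output and the function name are constructed for illustration.

```python
import re

# Ports named in the advisory text: the UPnP service's UDP and TCP listeners.
UPNP_PORTS = {("UDP", 1900), ("TCP", 2869)}

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2869           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING
  TCP    192.168.0.10:2869      192.168.0.1:49321      ESTABLISHED
  UDP    127.0.0.1:1900         *:*
  UDP    192.168.0.10:1900      *:*
  UDP    192.168.0.10:137       *:*
"""

# Proto, local address, local port, foreign address, optional state (TCP only).
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def upnp_listeners(netstat_text):
    """Return (proto, local_addr, port, network_reachable) for each UPnP listener."""
    findings = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # banner, header or blank line
        proto, addr, port, _foreign, state = m.groups()
        port = int(port)
        if (proto, port) not in UPNP_PORTS:
            continue
        # Count TCP rows only when LISTENING; UDP rows carry no state column.
        if proto == "TCP" and state != "LISTENING":
            continue
        loopback = addr.startswith("127.") or addr == "[::1]"
        findings.append((proto, addr, port, not loopback))
    return findings


if __name__ == "__main__":
    for proto, addr, port, reachable in upnp_listeners(SAMPLE_NETSTAT):
        scope = "network-reachable" if reachable else "loopback only"
        print(f"{proto} {addr}:{port} ({scope})")
```

A network-reachable result on either port means the host should be confirmed as patched with 931261 or have the ports filtered at the host firewall.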

Affected Software

Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Professional x64 Edition Service Pack 2