CVE-2005-3644

Published: Nov 17, 2005Modified: Apr 16, 2026

7.8

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability: 10.0 / Impact: 6.9

Source: NVD

Description

PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120.

Affected (13)

Products: Microsoft: Windows 2000, Windows Xp

2 products

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 2000	All versions
Microsoft Windows 2000	All versions
Microsoft Windows 2000	All versions
Microsoft Windows 2000	All versions
Microsoft Windows 2000	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions

Related CWEs

References (18)

http://research.eeye.com/html/alerts/zeroday/20051116.html

Source: secure@microsoft.com

http://secunia.com/advisories/17595

Source: secure@microsoft.com

Vendor Advisory

http://securitytracker.com/id?1015233

Source: secure@microsoft.com

http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2005/20051116

Source: secure@microsoft.com

http://www.frsirt.com/exploits/20051117.Win_upnp_getdevicelist.c.php

Source: secure@microsoft.com

Vendor Advisory

http://www.microsoft.com/technet/security/advisory/911052.mspx

Source: secure@microsoft.com

Vendor Advisory

http://www.securiteam.com/exploits/6V00C15EKM.html

Source: secure@microsoft.com

Exploit

http://www.securityfocus.com/bid/15460

Source: secure@microsoft.com

https://www.exploit-db.com/exploits/1328

Source: secure@microsoft.com

http://research.eeye.com/html/alerts/zeroday/20051116.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/17595

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securitytracker.com/id?1015233

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2005/20051116

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.frsirt.com/exploits/20051117.Win_upnp_getdevicelist.c.php

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.microsoft.com/technet/security/advisory/911052.mspx

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securiteam.com/exploits/6V00C15EKM.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/bid/15460

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/1328

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.