cvelistv5 - cve-2007-1204

CVE-2007-1204 (GCVE-0-2007-1204)

Vulnerability from cvelistv5

Published

2007-04-10 21:00

Modified

2024-08-07 12:50

Severity ?

CWE

Summary

Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in Microsoft Windows XP SP2 allows remote attackers on the same subnet to execute arbitrary code via crafted HTTP headers in request or notification messages, which trigger memory corruption.

References

URL

Tags

	http://www.securitytracker.com/id?1017895	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/archive/1/466331/100/200/threaded	vendor-advisory, x_refsource_HP
	http://www.vupen.com/english/advisories/2007/1323	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/24822	third-party-advisory, x_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2049	vdb-entry, signature, x_refsource_OVAL
	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=509	third-party-advisory, x_refsource_IDEFENSE
	http://www.osvdb.org/34010	vdb-entry, x_refsource_OSVDB
	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-019	vendor-advisory, x_refsource_MS
	http://www.securityfocus.com/archive/1/466331/100/200/threaded	vendor-advisory, x_refsource_HP
	http://www.securityfocus.com/bid/23371	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:50:34.927Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1017895",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1017895"
          },
          {
            "name": "HPSBST02208",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/466331/100/200/threaded"
          },
          {
            "name": "ADV-2007-1323",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1323"
          },
          {
            "name": "24822",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24822"
          },
          {
            "name": "oval:org.mitre.oval:def:2049",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2049"
          },
          {
            "name": "20070410 Microsoft Windows Universal Plug and Play Memory Corruption Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=509"
          },
          {
            "name": "34010",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/34010"
          },
          {
            "name": "MS07-019",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-019"
          },
          {
            "name": "SSRT071365",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/466331/100/200/threaded"
          },
          {
            "name": "23371",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23371"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-04-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in Microsoft Windows XP SP2 allows remote attackers on the same subnet to execute arbitrary code via crafted HTTP headers in request or notification messages, which trigger memory corruption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01.000Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1017895",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1017895"
        },
        {
          "name": "HPSBST02208",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/466331/100/200/threaded"
        },
        {
          "name": "ADV-2007-1323",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1323"
        },
        {
          "name": "24822",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24822"
        },
        {
          "name": "oval:org.mitre.oval:def:2049",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2049"
        },
        {
          "name": "20070410 Microsoft Windows Universal Plug and Play Memory Corruption Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=509"
        },
        {
          "name": "34010",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/34010"
        },
        {
          "name": "MS07-019",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-019"
        },
        {
          "name": "SSRT071365",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/466331/100/200/threaded"
        },
        {
          "name": "23371",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23371"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2007-1204",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in Microsoft Windows XP SP2 allows remote attackers on the same subnet to execute arbitrary code via crafted HTTP headers in request or notification messages, which trigger memory corruption."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1017895",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1017895"
            },
            {
              "name": "HPSBST02208",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/466331/100/200/threaded"
            },
            {
              "name": "ADV-2007-1323",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1323"
            },
            {
              "name": "24822",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24822"
            },
            {
              "name": "oval:org.mitre.oval:def:2049",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2049"
            },
            {
              "name": "20070410 Microsoft Windows Universal Plug and Play Memory Corruption Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=509"
            },
            {
              "name": "34010",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/34010"
            },
            {
              "name": "MS07-019",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-019"
            },
            {
              "name": "SSRT071365",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/466331/100/200/threaded"
            },
            {
              "name": "23371",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23371"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2007-1204",
    "datePublished": "2007-04-10T21:00:00.000Z",
    "dateReserved": "2007-03-02T00:00:00.000Z",
    "dateUpdated": "2024-08-07T12:50:34.927Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2007-AVI-166

Vulnerability from certfr_avis

Une vulnérabilité a été identifiée dans le service Universal Plug and Play (UPnP) de Microsoft Windows. Une personne malveillante pourrait l'exploiter en envoyant un paquet spécialement construit vers le système vulnérable, et ainsi prendre le contrôle total de celui-ci.

Description

Une vulnérabilité a été identifiée dans le service Universal Plug and Play (UPnP) de Microsoft Windows. Ce service a pour but de faciliter la communication entre périphériques, et s'appuie fréquemment sur les protocoles IP, TCP/UDP et HTTP. Outre une phase de découverte des services disponibles dans le réseau, il offre aussi la possibilité d'envoyer des actions et des notifications d'événements (mises à jour du service par exemple). Ce service est largement mise en œuvre, et se trouve bien souvent activé automatiquement dans les configurations par défaut des appareils. Il fait partie des exceptions autorisées par le pare-feu Windows dans son installation native.

Le système ne manipulerait pas correctement certaines requêtes HTTP. Une personne malveillante pourrait donc envoyer à distance un paquet spécialement construit vers le système vulnérable, et ainsi prendre le contrôle total de celui-ci.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Windows	Microsoft Windows XP Professional x64 Edition (Service Pack 2 compris).
	Microsoft	Windows	Microsoft Windows XP Service Pack 2 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS07-019 du 10 avril 2007	None	vendor-advisory
Informations sur le service UPnP (Universal Plug and Play) :	-	other
Bulletin de sécurité iDefense du 10 avril 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Windows XP Professional x64 Edition (Service Pack 2 compris).",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows XP Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans le service Universal Plug and\nPlay (UPnP) de Microsoft Windows. Ce service a pour but de faciliter la\ncommunication entre p\u00e9riph\u00e9riques, et s\u0027appuie fr\u00e9quemment sur les\nprotocoles IP, TCP/UDP et HTTP. Outre une phase de d\u00e9couverte des\nservices disponibles dans le r\u00e9seau, il offre aussi la possibilit\u00e9\nd\u0027envoyer des actions et des notifications d\u0027\u00e9v\u00e9nements (mises \u00e0 jour du\nservice par exemple). Ce service est largement mise en \u0153uvre, et se\ntrouve bien souvent activ\u00e9 automatiquement dans les configurations par\nd\u00e9faut des appareils. Il fait partie des exceptions autoris\u00e9es par le\npare-feu Windows dans son installation native.\n\nLe syst\u00e8me ne manipulerait pas correctement certaines requ\u00eates HTTP. Une\npersonne malveillante pourrait donc envoyer \u00e0 distance un paquet\nsp\u00e9cialement construit vers le syst\u00e8me vuln\u00e9rable, et ainsi prendre le\ncontr\u00f4le total de celui-ci.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-1204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1204"
    }
  ],
  "initial_release_date": "2007-04-11T00:00:00",
  "last_revision_date": "2007-04-11T00:00:00",
  "links": [
    {
      "title": "Informations sur le service UPnP (Universal Plug and Play)    :",
      "url": "http://www.upnp.org"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 iDefense du 10 avril 2007 :",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=509"
    }
  ],
  "reference": "CERTA-2007-AVI-166",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-04-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans le service \u003cspan\nclass=\"textit\"\u003eUniversal Plug and Play\u003c/span\u003e (UPnP) de Microsoft\nWindows. Une personne malveillante pourrait l\u0027exploiter en envoyant un\npaquet sp\u00e9cialement construit vers le syst\u00e8me vuln\u00e9rable, et ainsi\nprendre le contr\u00f4le total de celui-ci.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans le service UPnP de Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-019 du 10 avril 2007",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS07-019.mspx"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-1204 (GCVE-0-2007-1204)

Vulnerability from cvelistv5

CERTA-2007-AVI-166

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature