MS05-039: Vulnerability in Plug and Play Service Could Allow Remote Code Execution (899588) (uncredentialed check)
Critical Nessus Plugin ID 19408
SynopsisArbitrary code can be executed on the remote host due to a flaw in the Plug-And-Play service.
DescriptionThe remote version of Windows contains a flaw in the function 'PNP_QueryResConfList()' in the Plug and Play service that may allow an attacker to execute arbitrary code on the remote host with SYSTEM privileges.
A series of worms (Zotob) are known to exploit this vulnerability in the wild.
SolutionMicrosoft has released a set of patches for Windows 2000, XP and 2003.