CVE-2005-1983

EXPLOITED

Microsoft Windows 2000 and XP SP1 - Stack-Based Buffer Overflow in Plug and Play Service

Title source: llm

Exploitation Summary

CVE-2005-1983 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 5 public exploits from researchers including Metasploit, RoMaNSoFt and houseofdabus, among them the Metasploit module exploits/windows/smb/ms05_039_pnp.

AI-analyzed exploit summary: This is a Metasploit module exploiting a stack buffer overflow in the Windows Plug and Play service (CVE-2005-1983). It includes multiple targets for different Windows versions and service packs, with ROP chains for bypassing DEP on newer systems.

Description

Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.

Exploits (5)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby dos windows
https://www.exploit-db.com/exploits/16365

This is a Metasploit module exploiting a stack buffer overflow in the Windows Plug and Play service (CVE-2005-1983). It includes multiple targets for different Windows versions and service packs, with ROP chains for bypassing DEP on newer systems.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Microsoft Windows Plug and Play Service (Windows 2000, XP SP1/SP2, Server 2003 SP0/SP1)
No auth needed
Prerequisites: Network access to vulnerable system · Vulnerable Windows version with exposed PnP service
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by RoMaNSoFt · c remote windows
https://www.exploit-db.com/exploits/1179

This is a functional exploit for CVE-2005-1983, targeting the Microsoft Windows Plug-and-Play Service Remote Overflow vulnerability. It includes shellcode and network communication to achieve remote code execution on vulnerable systems.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Windows 2000 SP4, Windows XP SP1/SP2, Windows Server 2003 SP1
No auth needed
Prerequisites: Network access to target · Vulnerable PnP service exposed
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by houseofdabus · c remote windows
https://www.exploit-db.com/exploits/1149

This is a functional exploit for CVE-2005-1983, targeting the Microsoft Windows Plug-and-Play Service remote overflow vulnerability. It includes shellcode and network communication to achieve remote code execution on vulnerable systems.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Windows Plug-and-Play Service (Windows 2000 SP4, Windows XP SP1/SP2, Windows Server 2003 SP1)
No auth needed
Prerequisites: Network access to target · Vulnerable PnP service exposed
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by sl0ppy · c remote windows
https://www.exploit-db.com/exploits/1146

This exploit targets CVE-2005-1983 (MS05-039) in Windows 2000 by sending a malformed RPC request to the browser service, triggering a buffer overflow to execute a bind shell on port 8721. The code includes shellcode and leverages the vulnerability in the Plug and Play service.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Windows 2000 (Plug and Play Service)
No auth needed
Prerequisites: Network access to the target's named pipe (\\target\pipe\browser) · Target must be running Windows 2000 with unpatched MS05-039 vulnerability
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC GOOD
by hdm, cazz · ruby poc win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/ms05_039_pnp.rb

This Metasploit module exploits a stack buffer overflow in the Windows Plug and Play service (CVE-2005-1983) via DCERPC/SMB, allowing remote code execution on vulnerable systems. It includes multiple targets for different Windows versions and service packs, with ROP chains for bypassing DEP on newer systems.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Microsoft Windows Plug and Play Service (Windows 2000, XP SP1, XP SP2, Server 2003 SP0/SP1)
No auth needed
Prerequisites: Network access to target · Vulnerable PnP service exposed
devstral-2 · analyzed Feb 19, 2026

References (21)

Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/1354
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A497
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/18605
Third Party Advisory mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0384.html
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/998653
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/14513
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A267
Third Party Advisory, US Government Resource third-party-advisory government-resource x_refsource_ciac
http://www.ciac.org/ciac/bulletins/p-266.shtml
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1014640
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/21602
Patch, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA05-221A.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/16372
Various Sources third-party-advisory x_refsource_iss
http://xforce.iss.net/xforce/alerts/id/202
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100073
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A160
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A474
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A783

Scores

EPSS 0.8798
EPSS Percentile 99.5%

Details

VulnCheck KEV 2005-08-09
Status published
Products (2)
microsoft/windows_2000
microsoft/windows_xp
Published Aug 10, 2005
Tracked Since Feb 18, 2026