CVE-2005-3644

Microsoft Windows 2000 - Resource Management Error

Title source: rule

Description

PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Winny Thomas · cdoswindows

https://www.exploit-db.com/exploits/1328

View Code ZIP pw:eip

References (9)

[Various Sources] http://research.eeye.com/html/alerts/zeroday/20051116.html

[Vendor Advisory] http://www.microsoft.com/technet/security/advisory/911052.mspx

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/15460

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1015233

[Exploit] http://www.securiteam.com/exploits/6V00C15EKM.html

[Vendor Advisory] http://secunia.com/advisories/17595

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/1328

[Vendor Advisory] http://www.frsirt.com/exploits/20051117.Win_upnp_getdevicelist.c.php

[Various Sources] http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2005/20051116

Scores

EPSS 0.5079

EPSS Percentile 97.9%

Details

CWE

CWE-399

Status published

Products (2)

microsoft/windows_2000 (5 CPE variants)

microsoft/windows_xp (8 CPE variants)

Published Nov 17, 2005

Tracked Since Feb 18, 2026