CVE-2005-4696

Microsoft Wireless Zero Configuration - Info Disclosure

Title source: llm

Description

The Microsoft Wireless Zero Configuration system (WZCS) stores WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key in plaintext in memory of the explorer process, which allows attackers with access to process memory to steal the keys and access the network.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Laszlo Toth · c++localwindows

https://www.exploit-db.com/exploits/26323

View Code ZIP pw:eip

References (9)

[Vendor Advisory] http://archives.neohapsis.com/archives/bugtraq/2005-10/0016.html

[Vendor Advisory] http://secunia.com/advisories/17064

[Exploit] http://www.securityfocus.com/bid/15008

[Vendor Advisory] http://www.soonerorlater.hu/index.khtml?article_id=62

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/26323/

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/22524

[Third Party Advisory, VDB Entry] http://www.osvdb.org/19873

[Third Party Advisory] http://www.vupen.com/english/advisories/2005/1970

[Third Party Advisory] http://securityreason.com/securityalert/46

Scores

EPSS 0.0531

EPSS Percentile 90.1%

Details

Status published

Products (1)

microsoft/windows_xp (4 CPE variants)

Published Dec 31, 2005

Tracked Since Feb 18, 2026