Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Unpatched Windows Ssdp/upnp Local Vulnerability & Poc Exploit

  • Please log in to reply
No replies to this topic

#1 harrywaldron


    Security Reporter

  • Members
  • 509 posts
  • Gender:Male
  • Location:Roanoke, Virginia
  • Local time:12:46 AM

Posted 02 February 2006 - 08:11 PM

Advisory ID : FrSIRT/ADV-2006-0417
Rated as : Moderate Risk
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2006-02-02

EXPLOIT: POC exploit code can be found at FrSIRT

Technical Description: A vulnerability has been identified in Microsoft Windows, which could be exploited by malicious users to obtain elevated privileges. This flaw is due to an access validation in the Simple Service Discovery Protocol (SSDP) Discovery and the Universal Plug and Play Device Host (UPnP) services that fail to properly validate user permissions, which could be exploited by local unprivileged attackers to bypass security restrictions and execute malicious programs with elevated privileges.

Thankfully, this new vulnerability is not remotely exploitable as it requires local access to the PC. Still, someone with a crafted version of the exploit on a memory stick or other media might be able to compromise security controls on the local PC.

Microsoft Windows SSDP and UPnP Services Privilege Escalation Issue

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users