Advisory ID : FrSIRT/ADV-2006-0417
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Moderate Risk
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2006-02-02
Exploit : PoC exploit code can be found at FrSIRT
Technical Description: A vulnerability has been identified in Microsoft Windows that could be exploited by malicious users to obtain elevated privileges. The flaw is due to an access validation error in the Simple Service Discovery Protocol (SSDP) Discovery and the Universal Plug and Play Device Host (UPnP) services, which fail to properly validate user permissions. Local unprivileged attackers could exploit this to bypass security restrictions and execute malicious programs with elevated privileges.
Thankfully, this new vulnerability is not remotely exploitable as it requires local access to the PC. Still, someone with a crafted version of the exploit on a memory stick or other media might be able to compromise security controls on the local PC.
Microsoft Windows SSDP and UPnP Services Privilege Escalation Issue