The Research of the MS05039 Buffer Overflow Exploit Worm

Microsoft Security Bulletin MS05039 is vulnerability in Plug and Play that could allow remote code execution and elevation of privilege. This vulnerability was published at August 9, 2005 and was marked as critical. An unchecked buffer in the Plug and Play service causes the vulnerability. An attacker who successfully exploited this vulnerability take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. On Windows 2000, an anonymous attacker could try to exploit the vulnerability by creating a specially crafted message and sending the message to an affected system. The message could then cause the affected system to execute code

http://www.51r.com/UploadFiles/2006-4/412386684.pdf