Article ID : S500029652 / Last Modified : 11/04/2018Print

Why does unchecked buffer in Universal Plug and Play lead to system compromise?

    Unchecked buffer in Universal Plug and Play can lead to system compromise.

    This is due to the existence of a security hole in Universal Plug and Play (UPnP). When abused, there is a possibility of an external person performing a wicked code, capturing a network, or devising a service refusal (DoS) attack. Since the UPnP function is effective by default, a patch needs to be applied to Windows® XP immediately. Users of Windows® 98/98 Second Edition/Me needs the patch only when the UPnP function is being used.

    The patch for this symptom is available in Microsoft's website. Click here to download.