{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Microsoft Windows XP Professional x64 Edition ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows Server 2003 et Microsoft Windows Server 2003 Service Pack 1 pour les syst\u00e8mes bas\u00e9s sur Itanium ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows Server 2003 et Microsoft Windows Server 2003 Service Pack 1 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows XP Service Pack 1 et Service Pack 2 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows Server 2003 x64 Edition.","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows 2000 Service Pack 4 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nUne faille dans le module Plug and Play (PnP) de Microsoft Windows a \u00e9t\u00e9\nd\u00e9couverte. Elle permettrait \u00e0 un utilisateur mal-intentionn\u00e9 de prendre\nle contr\u00f4le total du syst\u00e8me vuln\u00e9rable, \u00e0 distance ou en local, par le\nbiais d'une ex\u00e9cution de code malveillant.\n\n  \n\nConcernant Windows XP SP2 et Windows 2003, l'attaquant doit avant tout\ndisposer d'un couple d'authentification valide et ne peut exploiter la\nvuln\u00e9rabilit\u00e9 que localement.\n\n  \n\nConcernant Windows XP SP1, l'attaquant doit disposer d'un couple\nd'authentification valide.\n\n## Solution\n\nAppliquer les correctifs de Microsoft.\n","cves":[],"links":[{"title":"Site de l'\u00e9diteur :","url":"http://www.microsoft.com"},{"title":"Bulletin Microsoft du 09 Ao\u00fbt 2005 :","url":"http://www.microsoft.com/technet/security/bulletin/MS05-039.mspx"},{"title":"R\u00e9f\u00e9rence CVE-CAN :","url":"http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1983"}],"reference":"CERTA-2005-AVI-302","revisions":[{"description":"version initiale.","revision_date":"2005-08-10T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"\u00c9l\u00e9vation des privil\u00e8ges locaux"}],"summary":null,"title":"Vuln\u00e9rabilit\u00e9 dans le module Plug and Play (PnP) de Windows","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 de Microsoft MS05-39 du 09 Ao\u00fbt 2005","url":null}]}