Plug and Play PnP allows the operating system to detect new hardware when during the installation on the system. This vulnerability is caused due to improper validation of user supplied data by the process used by the Plug and Play service. An attacker could exploit this vulnerability by creating a specially crafted network message and sending the message UMPNPMGR RPC interface of a vulnerable system.
It may be noted that On Windows 2000 and Windows XP Service Pack 1, an authenticated user could remotely exploit this vulnerability. On Windows XP Service Pack 2 this is local privilege elevation vulnerability.
This security issue is similar to the issue described in CERT-In vulnerability note.
The information provided herein is on "as is" basis, without warranty of any kind.