MS05-039 Scan 1.0 is a Windows based detection and analysis utility that can quickly and accurately identify Microsoft operating systems that are vulnerable to the multiple buffer overflow vulnerabilities released in the MS05-039 bulletin.
MS05-039 Scan is intended for use by enterprise system and network administrators as a fast and reliable utility for identifying at risk Microsoft systems in a passive manner. This tool is non-abrasive in nature and may be run in production environments during production hours.
Limitations of the tool:
The scanner is limited to 10 outgoing connections on WIndows XP SP2. This scanning limitation is caused by SP2. All other platforms will have 64 concurrent scanning threads running.
If you have anti-virus running it *may* detect this tool as an exploit. This tool *does NOT* exploit the vulnerabilty it simply determines if the machine is vulnerable or not.
Vulnerability Information:
There is a remotely exploitable vulnerability in the Plug and Play (PnP) RPC interface in Microsoft Windows.
Using a null session, an attacker could make an RPC request to the PnP interface on a Microsoft Windows system that could potentially execute arbitrary code.
This Foundstone check detects the absence of the patch by attempting to trigger the vulnerability in a nonintrusive manner over RPC.
Affected systems: Microsoft Windows Server 2003 (All Versions)
Microsoft Windows XP (All Versions)
Microsoft Windows 2000 (All Versions)
For more information see:
http://www.microsoft.com/technet/security/bulletin/MS05-039.mspx
