Vulnerability & Exploit Database

Back to search

MS05-039 Microsoft Plug and Play Service Overflow

This module exploits a stack buffer overflow in the Windows Plug and Play service. This vulnerability can be exploited on Windows 2000 without a valid user account. NOTE: Since the PnP service runs inside the service.exe process, a failed exploit attempt will cause the system to automatically reboot.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name



  • hdm <x [at]>
  • cazz <bmc [at]>



  • Windows 2000 SP0-SP4
  • Windows 2000 SP4 French
  • Windows 2000 SP4 Spanish
  • Windows 2000 SP4 English/French/German/Dutch
  • Windows 2000 SP0-SP4 German
  • Windows 2000 SP0-SP4 Italian
  • Windows XP SP1 English
  • Windows XP SP2 English (Requires Admin)
  • Windows Server 2003 SP0 English (Requires Admin)
  • Windows Server 2003 SP1 English (Requires Admin)


  • windows



Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/windows/smb/ms05_039_pnp msf exploit(ms05_039_pnp) > show targets ...targets... msf exploit(ms05_039_pnp) > set TARGET <target-id> msf exploit(ms05_039_pnp) > show options and set options... msf exploit(ms05_039_pnp) > exploit

Related Vulnerabilities