Microsoft Windows versions supporting USB contain a flaw that may allow a malicious user to take control over the system. The issue is triggered when a malicious USB device is inserted. It is possible that the flaw may allow an attacker to run malicious code or programs with system privilege resulting in a full compromise.
Classification
Location:
Physical Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Availability
Exploit:
Exploit Rumored / Private
Disclosure:
OSVDB Verified
Technical
The buffer-overflow flaw is in device drivers that Windows loads whenever USB devices are inserted into computers running Windows 32-bit operating systems.
Local access to a machine with exposed USB ports is required.
Solution
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by disabling USB support in Windows.
spidynamics.com - SPI Dynamics, Inc.