Microsoft Security Bulletin MS05039 is vulnerability in Plug and Play that could allow remote code execution and elevation of privilege. This vulnerability was published at August 9, 2005 and was marked as critical. An unchecked buffer in the Plug and Play service causes the vulnerability. An attacker who successfully exploited this vulnerability take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. On Windows 2000, an anonymous attacker could try to exploit the vulnerability by creating a specially crafted message and sending the message to an affected system. The message could then cause the affected system to execute code.
Therefore, we can use MS05039 exploit to get shell (CMD) of remote hosts and copy, execute codes at remote hosts. So we can use this ability to make a worm.
This document is in PDF format. To view it click here.