Vulnerability Details CVE-2005-2119
The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAllocate function, which writes management data to memory outside of the allocated buffer.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.582
EPSS Ranking 98.0%
CVSS Severity
CVSS v2 Score 5.0
References
- http://secunia.com/advisories/17161
- http://secunia.com/advisories/17172
- http://secunia.com/advisories/17223
- http://secunia.com/advisories/17509
- http://securityreason.com/securityalert/73
- http://securitytracker.com/id?1015037
- http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf
- http://www.eeye.com/html/research/advisories/AD20051011b.html
- http://www.kb.cert.org/vuls/id/180868
- http://www.osvdb.org/18828
- http://www.securityfocus.com/bid/15056
- http://www.us-cert.gov/cas/techalerts/TA05-284A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-051
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1071
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1452
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A551
- http://secunia.com/advisories/17161
- http://secunia.com/advisories/17172
- http://secunia.com/advisories/17223
- http://secunia.com/advisories/17509
- http://securityreason.com/securityalert/73
- http://securitytracker.com/id?1015037
- http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf
- http://www.eeye.com/html/research/advisories/AD20051011b.html
- http://www.kb.cert.org/vuls/id/180868
- http://www.osvdb.org/18828
- http://www.securityfocus.com/bid/15056
- http://www.us-cert.gov/cas/techalerts/TA05-284A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-051
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1071
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1452
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A551
Products affected by CVE-2005-2119
-
cpe:2.3:o:microsoft:windows_2000:-
-
cpe:2.3:o:microsoft:windows_2003_server:64-bit
-
cpe:2.3:o:microsoft:windows_2003_server:itanium
-
cpe:2.3:o:microsoft:windows_2003_server:r2
-
cpe:2.3:o:microsoft:windows_2003_server:sp1
-
cpe:2.3:o:microsoft:windows_xp:*
-
cpe:2.3:o:microsoft:windows_xp:-