Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMicrosoftCVE-2005-2119
HistoryOct 12, 2005 - 1:04 p.m.

CVE-2005-2119

2005-10-1213:04:00
microsoft
web.nvd.nist.gov
40
cve-2005-2119
midl_user_allocate
microsoft
distributed transaction coordinator
msdtcprx.dll
memory allocation
security vulnerability

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

0.931

Percentile

99.1%

JSON

The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAllocate function, which writes management data to memory outside of the allocated buffer.

Affected configurations

Nvd
Node
microsoftwindows_2000sp4fr
OR
microsoftwindows_2003_serverMatch64-bit
OR
microsoftwindows_2003_serverMatchitanium
OR
microsoftwindows_2003_serverMatchr2
OR
microsoftwindows_2003_serverMatchsp1
OR
microsoftwindows_2003_serverMatchsp1itanium
OR
microsoftwindows_xp64-bit
OR
microsoftwindows_xpsp1tablet_pc
OR
microsoftwindows_xpsp2tablet_pc
VendorProductVersionCPE
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*
microsoftwindows_2003_server64-bitcpe:2.3:o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*
microsoftwindows_2003_serveritaniumcpe:2.3:o:microsoft:windows_2003_server:itanium:*:*:*:*:*:*:*
microsoftwindows_2003_serverr2cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
microsoftwindows_2003_serversp1cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
microsoftwindows_2003_serversp1cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*

Related

cert 1
checkpoint_advisories 3
securityvulns 2
nvd 2
cvelist 2
exploitdb 2
cve 1
prion 1
nessus 2
cert
cert
Microsoft Distributed Transaction Coordinator vulnerable to buffer overflow via specially crafted network message
2005-10-11 00:00:00
checkpoint_advisories
checkpoint_advisories
Security Best Practice: Enforcement of MS-RPC Protections over all TCP Ports
2006-04-27 00:00:00
Microsoft Distributed Transaction Coordinator Memory Corruption (MS05-051; CVE-2005-2119)
2005-10-11 00:00:00
Microsoft Distributed Transaction Coordinator Memory Corruption (MS05-051; CVE-2005-2119)
2005-10-11 00:00:00
securityvulns
securityvulns
[EEYEB20050708] Microsoft Distributed Transaction Coordinator Memory Modification Vulnerability
2005-10-12 00:00:00
Microsoft Security Bulletin MS05-051 Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400)
2005-10-13 00:00:00
nvd
nvd
CVE-2005-2119
2005-10-12 13:04:00
CVE-2006-1184
2006-05-10 02:14:00
cvelist
cvelist
CVE-2005-2119
2005-10-11 04:00:00
CVE-2006-1184
2006-05-09 23:00:00
exploitdb
exploitdb
Microsoft Windows - MSDTC Service Remote Memory Modification (PoC) (MS05-051)
2005-11-27 00:00:00
Microsoft Windows - DTC Remote (MS05-051) (2)
2005-12-01 00:00:00
cve
cve
CVE-2006-1184
2006-05-10 02:14:00
prion
prion
Code injection
2006-05-10 02:14:00
nessus
nessus
MS05-051: Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400)
2005-10-11 00:00:00
MS05-051: Vulnerabilities in MSDTC Could Allow Remote Code Execution (902400) (uncredentialed check)
2005-10-12 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

0.931

Percentile

99.1%

JSON
Related for CVE-2005-2119
cert1checkpoint_advisories3securityvulns2nvd2cvelist2exploitdb2cve1prion1nessus2