Vulnerability Description
The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAllocate function, which writes management data to memory outside of the allocated buffer.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2000 | All versions |
| Microsoft | Windows 2003 Server | 64-bit |
| Microsoft | Windows Xp | All versions |
References
- http://secunia.com/advisories/17161
- http://secunia.com/advisories/17172
- http://secunia.com/advisories/17223
- http://secunia.com/advisories/17509
- http://securityreason.com/securityalert/73
- http://securitytracker.com/id?1015037
- http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf
- http://www.eeye.com/html/research/advisories/AD20051011b.html
- http://www.kb.cert.org/vuls/id/180868US Government Resource
- http://www.osvdb.org/18828
- http://www.securityfocus.com/bid/15056
- http://www.us-cert.gov/cas/techalerts/TA05-284A.htmlUS Government Resource
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-05
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2005-2119?
CVE-2005-2119 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers ...
How severe is CVE-2005-2119?
CVE-2005-2119 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-2119?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Windows 2003 Server, Microsoft Windows Xp.