CVE-2005-2119
First published: Tue Oct 11 2005(Updated: )
The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAllocate function, which writes management data to memory outside of the allocated buffer.
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows 2003 Server | =64-bit | |
| Microsoft Windows 2003 Server | =itanium | |
| Microsoft Windows 2003 Server | =sp1 | |
| Microsoft Windows XP | ||
| Microsoft Windows XP | =sp1 | |
| Microsoft Windows 2003 Server | =sp1 | |
| Microsoft Windows 2003 Server | =r2 | |
| Microsoft Windows 2000 | =sp4 | |
| Microsoft Windows XP | =sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.osvdb.org/18828
- http://www.us-cert.gov/cas/techalerts/TA05-284A.html
- http://www.kb.cert.org/vuls/id/180868
- http://www.eeye.com/html/research/advisories/AD20051011b.html
- http://www.securityfocus.com/bid/15056
- http://securitytracker.com/id?1015037
- http://secunia.com/advisories/17161
- http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf
- http://secunia.com/advisories/17172
- http://secunia.com/advisories/17223
- http://secunia.com/advisories/17509
- http://securityreason.com/securityalert/73
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A551
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1452
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1071
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-051
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- vendor/microsoft
- canonical/microsoft windows 2003 server
- version/microsoft windows 2003 server/64-bit
- version/microsoft windows 2003 server/itanium
- version/microsoft windows 2003 server/sp1
- canonical/microsoft windows xp
- version/microsoft windows xp/sp1
- version/microsoft windows 2003 server/r2
- canonical/microsoft windows 2000
- version/microsoft windows 2000/sp4
- version/microsoft windows xp/sp2