Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2119

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-2119
Last Modified 10 Sep 2008 03:41:06
Published 12 Oct 2005 09:04:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2119

Summary

The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAllocate function, which writes management data to memory outside of the allocated buffer.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 2003 Server 64-bit

  • Microsoft Windows 2003 Server Itanium

  • Microsoft Windows 2003 Server R2

  • Microsoft Windows 2003 Server Sp1

  • Microsoft Windows Xp


References

CERT - TA05-284A

CERT-VN - VU#180868

MS - MS05-051

OSVDB - 18828

BID - 15056

EEYE - AD20051011b

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf

SECTRACK - 1015037

SREASON - 73

SECUNIA - 17509

SECUNIA - 17223

SECUNIA - 17172

SECUNIA - 17161


Last Updated: 27 May 2016 10:40:24