CVE-2005-2119

Properties

Published:
11.10.2005
Updated:
20.10.2005
Patch available:
Severity:
Low
  • CVSS vector:
    (AV:R/AC:L/Au:NR/C:N/I:C/A:N/B:N) Approximated
    Product:
    Microsoft: Windows XP
    Microsoft: Windows XP
    Microsoft: Windows XP
    Microsoft: Windows Server 2003
    Microsoft: Windows Server 2003

    Vulnerability description

    The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAllocate function, which writes management data to memory outside of the allocated buffer.

    References:

    MS: http://www.microsoft.com/technet/security/bulletin/MS05-051.mspx
    OSVDB: http://www.osvdb.org/18828
    CERT: http://www.us-cert.gov/cas/techalerts/TA05-284A.html
    CERT-VN: http://www.kb.cert.org/vuls/id/180868
    EEYE: http://www.eeye.com/html/research/advisories/AD20051011b.html
    OVAL: http://oval.mitre.org/oval/definitions/data/oval1071.html
    OVAL: http://oval.mitre.org/oval/definitions/data/oval1452.html
    OVAL: http://oval.mitre.org/oval/definitions/data/oval551.html
    BID: http://www.securityfocus.com/bid/15056
    SECTRACK: http://securitytracker.com/id?1015037
    SECUNIA: http://secunia.com/advisories/17161
    http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf: http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf
    SECUNIA: http://secunia.com/advisories/17172
    SECUNIA: http://secunia.com/advisories/17223
    SECUNIA: http://secunia.com/advisories/17509