CVE-2005-2119

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2005-2119
The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAllocate function, which writes management data to memory outside of the allocated buffer.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://secunia.com/advisories/17161
http://secunia.com/advisories/17172
http://secunia.com/advisories/17223
http://secunia.com/advisories/17509
http://securityreason.com/securityalert/73
http://securitytracker.com/id?1015037
http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf
http://www.eeye.com/html/research/advisories/AD20051011b.html
http://www.kb.cert.org/vuls/id/180868 US Government Resource
http://www.osvdb.org/18828
http://www.securityfocus.com/bid/15056
http://www.us-cert.gov/cas/techalerts/TA05-284A.html US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-051
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1071
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1452
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A551
http://secunia.com/advisories/17161
http://secunia.com/advisories/17172
http://secunia.com/advisories/17223
http://secunia.com/advisories/17509
http://securityreason.com/securityalert/73
http://securitytracker.com/id?1015037
http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf
http://www.eeye.com/html/research/advisories/AD20051011b.html
http://www.kb.cert.org/vuls/id/180868 US Government Resource
http://www.osvdb.org/18828
http://www.securityfocus.com/bid/15056
http://www.us-cert.gov/cas/techalerts/TA05-284A.html US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-051
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1071
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1452
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A551
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:itanium:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
History

20 Nov 2024, 23:58

Type Values Removed Values Added
References () http://secunia.com/advisories/17161 - () http://secunia.com/advisories/17161 -
References () http://secunia.com/advisories/17172 - () http://secunia.com/advisories/17172 -
References () http://secunia.com/advisories/17223 - () http://secunia.com/advisories/17223 -
References () http://secunia.com/advisories/17509 - () http://secunia.com/advisories/17509 -
References () http://securityreason.com/securityalert/73 - () http://securityreason.com/securityalert/73 -
References () http://securitytracker.com/id?1015037 - () http://securitytracker.com/id?1015037 -
References () http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf - () http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf -
References () http://www.eeye.com/html/research/advisories/AD20051011b.html - () http://www.eeye.com/html/research/advisories/AD20051011b.html -
References () http://www.kb.cert.org/vuls/id/180868 - US Government Resource () http://www.kb.cert.org/vuls/id/180868 - US Government Resource
References () http://www.osvdb.org/18828 - () http://www.osvdb.org/18828 -
References () http://www.securityfocus.com/bid/15056 - () http://www.securityfocus.com/bid/15056 -
References () http://www.us-cert.gov/cas/techalerts/TA05-284A.html - US Government Resource () http://www.us-cert.gov/cas/techalerts/TA05-284A.html - US Government Resource
References () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-051 - () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-051 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1071 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1071 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1452 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1452 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A551 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A551 -
Information

Published : 2005-10-12 13:04

Updated : 2024-11-20 23:58

NVD link : CVE-2005-2119

Mitre link : CVE-2005-2119

CVE.ORG link : CVE-2005-2119

JSON object : View

Products Affected

microsoft

  • windows_2000
  • windows_xp
  • windows_2003_server
CWE
NVD-CWE-Other

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024