CVE-2005-2119
Last modified
CVE-2005-2119 is a vulnerability of currently unknown severity. The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAllocate function, which writes management data to memory outside of the allocated buffer.. EPSS estimates a 39.13% chance of exploitation in the next 30 days.
Description
The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAllocate function, which writes management data to memory outside of the allocated buffer.
Metrics
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Microsoft | Windows 2000 | All versions | Sp4 |
| Microsoft | Windows 2003 Server | 64-bit | — |
| Microsoft | Windows 2003 Server | itanium | — |
| Microsoft | Windows 2003 Server | r2 | — |
| Microsoft | Windows 2003 Server | sp1 | — |
| Microsoft | Windows Xp | All versions | — |
References
- http://www.kb.cert.org/vuls/id/180868US Government Resource
- http://www.us-cert.gov/cas/techalerts/TA05-284A.htmlUS Government Resource
- http://www.kb.cert.org/vuls/id/180868US Government Resource
- http://www.us-cert.gov/cas/techalerts/TA05-284A.htmlUS Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2005-2119?
How severe is CVE-2005-2119?
How do I fix CVE-2005-2119?
Are you affected by CVE-2005-2119?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST