CVE-2005-2119

The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAllocate function, which writes management data to memory outside of the allocated buffer.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.osvdb.org/18828
http://www.us-cert.gov/cas/techalerts/TA05-284A.html	US Government Resource
http://www.kb.cert.org/vuls/id/180868	US Government Resource
http://www.eeye.com/html/research/advisories/AD20051011b.html
http://www.securityfocus.com/bid/15056
http://securitytracker.com/id?1015037
http://secunia.com/advisories/17161
http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf
http://secunia.com/advisories/17172
http://secunia.com/advisories/17223
http://secunia.com/advisories/17509
http://securityreason.com/securityalert/73
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A551
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1452
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1071
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-051

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_xp::sp1:tablet_pc:::::
	cpe:2.3:o:microsoft:windows_xp::sp2:tablet_pc:::::
	cpe:2.3:o:microsoft:windows_2003_server:itanium:::::::*
	cpe:2.3:o:microsoft:windows_2003_server:r2:::::::*
	cpe:2.3:o:microsoft:windows_2003_server:sp1:::::::*
	cpe:2.3:o:microsoft:windows_2003_server:sp1::itanium:::::
	cpe:2.3:o:microsoft:windows_xp:::64-bit:::::*
	cpe:2.3:o:microsoft:windows_2000::sp4::fr::::
	cpe:2.3:o:microsoft:windows_2003_server:64-bit:::::::*

Information

Published : 2005-10-12 06:04

Updated : 2018-10-12 14:37

NVD link : CVE-2005-2119

Mitre link : CVE-2005-2119

JSON object : View

CWE

NVD-CWE-Other

Products Affected

microsoft

windows_xp
windows_2003_server
windows_2000

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.osvdb.org/18828", "name": "18828", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA05-284A.html", "name": "TA05-284A", "tags": ["US Government Resource"], "refsource": "CERT"}, {"url": "http://www.kb.cert.org/vuls/id/180868", "name": "VU#180868", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.eeye.com/html/research/advisories/AD20051011b.html", "name": "AD20051011b", "tags": [], "refsource": "EEYE"}, {"url": "http://www.securityfocus.com/bid/15056", "name": "15056", "tags": [], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1015037", "name": "1015037", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/17161", "name": "17161", "tags": [], "refsource": "SECUNIA"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf", "name": "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf", "tags": [], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/17172", "name": "17172", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/17223", "name": "17223", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/17509", "name": "17509", "tags": [], "refsource": "SECUNIA"}, {"url": "http://securityreason.com/securityalert/73", "name": "73", "tags": [], "refsource": "SREASON"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A551", "name": "oval:org.mitre.oval:def:551", "tags": [], "refsource": "OVAL"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1452", "name": "oval:org.mitre.oval:def:1452", "tags": [], "refsource": "OVAL"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1071", "name": "oval:org.mitre.oval:def:1071", "tags": [], "refsource": "OVAL"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-051", "name": "MS05-051", "tags": [], "refsource": "MS"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAllocate function, which writes management data to memory outside of the allocated buffer."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-2119", "ASSIGNER": "secure@microsoft.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2005-10-12T13:04Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:itanium:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-12T21:37Z"}

5.0 /10