CVE-2005-2119

Microsoft Distributed Transaction Coordinator - Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-2119. PoCs published by Swan, darkeagle.

AI-analyzed exploit summary This is a proof-of-concept exploit for CVE-2005-1978, targeting a vulnerability in the Microsoft Distributed Transaction Coordinator (MSDTC). The exploit attempts to trigger a memory corruption issue via crafted network packets, though the author notes it is unreliable and primarily results in a denial-of-service (DoS) condition.

Description

The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAllocate function, which writes management data to memory outside of the allocated buffer.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Swan · c++remotewindows
https://www.exploit-db.com/exploits/1352

This is a proof-of-concept exploit for CVE-2005-1978, targeting a vulnerability in the Microsoft Distributed Transaction Coordinator (MSDTC). The exploit attempts to trigger a memory corruption issue via crafted network packets, though the author notes it is unreliable and primarily results in a denial-of-service (DoS) condition.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Complex
Reliability
Racy
Target: Microsoft Distributed Transaction Coordinator (MSDTC)
No auth needed
Prerequisites: Network access to the target system · MSDTC service running on the target
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by darkeagle · cdoswindows
https://www.exploit-db.com/exploits/1341

This exploit targets CVE-2005-2119, a vulnerability in the Microsoft Distributed Transaction Coordinator (MSDTC) service. It sends malformed packets to trigger a buffer overflow, potentially leading to remote code execution on Windows 2000 systems.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Distributed Transaction Coordinator (MSDTC) on Windows 2000
No auth needed
Prerequisites: Network access to the target system · MSDTC service running on the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (16)

Core 16
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/73
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17161
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1015037
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1452
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/180868
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1071
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17223
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A551
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/18828
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17172
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15056
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17509
Various Sources third-party-advisory x_refsource_eeye
http://www.eeye.com/html/research/advisories/AD20051011b.html
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA05-284A.html

Scores

EPSS 0.5935
EPSS Percentile 98.3%

Details

Status published
Products (6)
microsoft/windows_2000
microsoft/windows_2003_server 64-bit
microsoft/windows_2003_server itanium
microsoft/windows_2003_server r2
microsoft/windows_2003_server sp1 (2 CPE variants)
microsoft/windows_xp (3 CPE variants)
Published Oct 12, 2005
Tracked Since Feb 18, 2026