CVE-2005-2119

Microsoft Distributed Transaction Coordinator - Memory Corruption

Title source: llm

Description

The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAllocate function, which writes management data to memory outside of the allocated buffer.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Swan · c++remotewindows

https://www.exploit-db.com/exploits/1352

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by darkeagle · cdoswindows

https://www.exploit-db.com/exploits/1341

View Code ZIP pw:eip

References (16)

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1015037

[Various Sources] http://www.eeye.com/html/research/advisories/AD20051011b.html

[US Government Resource] http://www.kb.cert.org/vuls/id/180868

[Third Party Advisory, VDB Entry] http://www.osvdb.org/18828

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA05-284A.html

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-051

[Vendor Advisory] http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/15056

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1071

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1452

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A551

[Third Party Advisory] http://secunia.com/advisories/17161

[Third Party Advisory] http://secunia.com/advisories/17172

[Third Party Advisory] http://secunia.com/advisories/17223

[Third Party Advisory] http://secunia.com/advisories/17509

[Third Party Advisory] http://securityreason.com/securityalert/73

Scores

EPSS 0.5935

EPSS Percentile 98.2%

Details

Status published

Products (6)

microsoft/windows_2000

microsoft/windows_2003_server 64-bit

microsoft/windows_2003_server itanium

microsoft/windows_2003_server r2

microsoft/windows_2003_server sp1 (2 CPE variants)

microsoft/windows_xp (3 CPE variants)

Published Oct 12, 2005

Tracked Since Feb 18, 2026