Russian Vulnerability Scanner Database

Back to List

CVE-2005-2119

Scores

EPSS

0.593medium59.3%
0%20%40%60%80%100%

Percentile: 59.3%

CVSS

5.0medium2.0
0246810

CVSS Score: 5.0/10

All CVSS Scores

CVSS 2.0
5.0

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Description

The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAllocate function, which writes management data to memory outside of the allocated buffer.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

nvd

Exploits

Exploit ID: 1341

Source: exploitdb

URL: https://www.exploit-db.com/exploits/1341

Exploit ID: 1352

Source: exploitdb

URL: https://www.exploit-db.com/exploits/1352

Vulnerable Software (3)

Type: Configuration

Vendor: *

Product: windows_2000

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:microsoft:windows_2003_server:64-bi...

Source: nvd

Type: Configuration

Vendor: *

Product: windows_2003_server

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:microsoft:windows_2003_server:64-bi...

Source: nvd

Type: Configuration

Vendor: *

Product: windows_xp

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:microsoft:windows_2003_server:64-bi...

Source: nvd

End of list