Vulnerability Details : CVE-2005-2119
The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAllocate function, which writes management data to memory outside of the allocated buffer.
Exploit prediction scoring system (EPSS) score for CVE-2005-2119
Probability of exploitation activity in the next 30 days: 94.70%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2005-2119
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2005-2119
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1452
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-051
-
http://securityreason.com/securityalert/73
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A551
-
http://www.securityfocus.com/bid/15056
- http://securitytracker.com/id?1015037
-
http://www.us-cert.gov/cas/techalerts/TA05-284A.html
US Government Resource
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1071
-
http://www.eeye.com/html/research/advisories/AD20051011b.html
-
http://www.kb.cert.org/vuls/id/180868
US Government Resource
- http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf
Products affected by CVE-2005-2119
- cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:itanium:*:*:*:*:*:*:*