← voltar
CVE-2005-2119

CVE-2005-2119

EPSS 39.1%
The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAllocate function, which writes management data to memory outside of the allocated buffer.
Produtos afetados
n/a · n/a
PoCs públicas encontradas2
exploitdbwww.exploit-db.com/exploits/1352não verificadoexploitdbwww.exploit-db.com/exploits/1341não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-051http://secunia.com/advisories/17161http://secunia.com/advisories/17172http://secunia.com/advisories/17223http://secunia.com/advisories/17509http://securityreason.com/securityalert/73http://securitytracker.com/id?1015037https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1071https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1452https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A551http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdfhttp://www.eeye.com/html/research/advisories/AD20051011b.html