Oval Definition:	oval:org.mitre.oval:def:1452
Revision Date: 2011-05-16 Version: 46 Title: MSDTC Unchecked Buffer Permits Remote Code Execution or Privilege Elevation (Server 2003) Description: The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAllocate function, which writes management data to memory outside of the allocated buffer. Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2005-2119 Platform(s): Microsoft Windows Server 2003 Product(s): MSDTC Definition Synopsis Windows Server 2003 is installed AND NOT Win2K/XP/2003 is patched AND Either ole32.dll or rpcss.dll has a version less than 5.2.3790.374 the version of ole32.dll is less than 5.2.3790.374 OR the version of rpcss.dll is less than 5.2.3790.374
BACK