Executive Summary
Informations | |||
---|---|---|---|
Name | MS05-051 | First vendor Publication | N/A |
Vendor | Microsoft | Last vendor Modification | N/A |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1071 | |||
Oval ID: | oval:org.mitre.oval:def:1071 | ||
Title: | MSDTC Unchecked Buffer Permits Remote Code Execution or Privilege Elevation (WinXP,SP1) | ||
Description: | The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAllocate function, which writes management data to memory outside of the allocated buffer. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-2119 | Version: | 4 |
Platform(s): | Microsoft Windows XP | Product(s): | MSDTC |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1134 | |||
Oval ID: | oval:org.mitre.oval:def:1134 | ||
Title: | TIP Request Validation Process Permits Denial of Service (XP,SP2) | ||
Description: | Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service exception and exit) via an "unexpected protocol command during the reconnection request," which is not properly handled by the Transaction Internet Protocol (TIP) functionality. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-1979 | Version: | 5 |
Platform(s): | Microsoft Windows XP | Product(s): | TIP |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1136 | |||
Oval ID: | oval:org.mitre.oval:def:1136 | ||
Title: | Distributed TIP Request Validation Process Permits Denial of Service (Server 2003,SP1) | ||
Description: | Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service hang) via a crafted Transaction Internet Protocol (TIP) message that causes DTC to repeatedly connect to a target IP and port number after an error occurs, aka the "Distributed TIP Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-1980 | Version: | 4 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | TIP |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1182 | |||
Oval ID: | oval:org.mitre.oval:def:1182 | ||
Title: | Distributed TIP Request Validation Process Permits Denial of Service (XP,SP2) | ||
Description: | Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service hang) via a crafted Transaction Internet Protocol (TIP) message that causes DTC to repeatedly connect to a target IP and port number after an error occurs, aka the "Distributed TIP Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-1980 | Version: | 5 |
Platform(s): | Microsoft Windows XP | Product(s): | TIP |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1203 | |||
Oval ID: | oval:org.mitre.oval:def:1203 | ||
Title: | Distributed TIP Request Validation Process Permits Denial of Service (WinXP,SP1) | ||
Description: | Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service hang) via a crafted Transaction Internet Protocol (TIP) message that causes DTC to repeatedly connect to a target IP and port number after an error occurs, aka the "Distributed TIP Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-1980 | Version: | 4 |
Platform(s): | Microsoft Windows XP | Product(s): | TIP |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1253 | |||
Oval ID: | oval:org.mitre.oval:def:1253 | ||
Title: | Distributed TIP Request Validation Process Permits Denial of Service (Win2k,SP4) | ||
Description: | Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service hang) via a crafted Transaction Internet Protocol (TIP) message that causes DTC to repeatedly connect to a target IP and port number after an error occurs, aka the "Distributed TIP Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-1980 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 | Product(s): | TIP |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1261 | |||
Oval ID: | oval:org.mitre.oval:def:1261 | ||
Title: | COM+ Memory Structures Process Permits Remote Code Execution (64-bit XP,SP1) | ||
Description: | COM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-1978 | Version: | 5 |
Platform(s): | Microsoft Windows XP | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1269 | |||
Oval ID: | oval:org.mitre.oval:def:1269 | ||
Title: | COM+ Memory Structures Process Permits Remote Code Execution (WinXP,SP1) | ||
Description: | COM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-1978 | Version: | 5 |
Platform(s): | Microsoft Windows XP | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1283 | |||
Oval ID: | oval:org.mitre.oval:def:1283 | ||
Title: | TIP Request Validation Process Permits Denial of Service (WinXP,SP1) | ||
Description: | Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service exception and exit) via an "unexpected protocol command during the reconnection request," which is not properly handled by the Transaction Internet Protocol (TIP) functionality. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-1979 | Version: | 4 |
Platform(s): | Microsoft Windows XP | Product(s): | TIP |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1325 | |||
Oval ID: | oval:org.mitre.oval:def:1325 | ||
Title: | Distributed TIP Request Validation Process Permits Denial of Service (64-bit XP,SP1) | ||
Description: | Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service hang) via a crafted Transaction Internet Protocol (TIP) message that causes DTC to repeatedly connect to a target IP and port number after an error occurs, aka the "Distributed TIP Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-1980 | Version: | 4 |
Platform(s): | Microsoft Windows XP | Product(s): | TIP |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1338 | |||
Oval ID: | oval:org.mitre.oval:def:1338 | ||
Title: | TIP Request Validation Process Permits Denial of Service (Win2k,SP4) | ||
Description: | Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service exception and exit) via an "unexpected protocol command during the reconnection request," which is not properly handled by the Transaction Internet Protocol (TIP) functionality. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-1979 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 | Product(s): | TIP |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1413 | |||
Oval ID: | oval:org.mitre.oval:def:1413 | ||
Title: | Distributed TIP Request Validation Process Permits Denial of Service (Server 2003) | ||
Description: | Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service hang) via a crafted Transaction Internet Protocol (TIP) message that causes DTC to repeatedly connect to a target IP and port number after an error occurs, aka the "Distributed TIP Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-1980 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | TIP |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1452 | |||
Oval ID: | oval:org.mitre.oval:def:1452 | ||
Title: | MSDTC Unchecked Buffer Permits Remote Code Execution or Privilege Elevation (Server 2003) | ||
Description: | The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAllocate function, which writes management data to memory outside of the allocated buffer. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-2119 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | MSDTC |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1466 | |||
Oval ID: | oval:org.mitre.oval:def:1466 | ||
Title: | COM+ Memory Structures Process Permits Remote Code Execution (Server 2003) | ||
Description: | COM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-1978 | Version: | 6 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1499 | |||
Oval ID: | oval:org.mitre.oval:def:1499 | ||
Title: | COM+ Memory Structures Process Permits Remote Code Execution (XP,SP2) | ||
Description: | COM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-1978 | Version: | 6 |
Platform(s): | Microsoft Windows XP | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1513 | |||
Oval ID: | oval:org.mitre.oval:def:1513 | ||
Title: | TIP Request Validation Process Permits Denial of Service (64-bit XP,SP1) | ||
Description: | Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service exception and exit) via an "unexpected protocol command during the reconnection request," which is not properly handled by the Transaction Internet Protocol (TIP) functionality. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-1979 | Version: | 4 |
Platform(s): | Microsoft Windows XP | Product(s): | TIP |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1550 | |||
Oval ID: | oval:org.mitre.oval:def:1550 | ||
Title: | TIP Request Validation Process Permits Denial of Service (Server 2003) | ||
Description: | Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service exception and exit) via an "unexpected protocol command during the reconnection request," which is not properly handled by the Transaction Internet Protocol (TIP) functionality. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-1979 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | TIP |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:551 | |||
Oval ID: | oval:org.mitre.oval:def:551 | ||
Title: | MSDTC Unchecked Buffer Permits Remote Code Execution or Privilege Elevation (Win2k,SP4) | ||
Description: | The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAllocate function, which writes management data to memory outside of the allocated buffer. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-2119 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 | Product(s): | MSDTC |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:576 | |||
Oval ID: | oval:org.mitre.oval:def:576 | ||
Title: | COM+ Memory Structures Process Permits Remote Code Execution (Server 2003,SP1) | ||
Description: | COM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-1978 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:686 | |||
Oval ID: | oval:org.mitre.oval:def:686 | ||
Title: | TIP Request Validation Process Permits Denial of Service (Server 2003,SP1) | ||
Description: | Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service exception and exit) via an "unexpected protocol command during the reconnection request," which is not properly handled by the Transaction Internet Protocol (TIP) functionality. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-1979 | Version: | 4 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | TIP |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:816 | |||
Oval ID: | oval:org.mitre.oval:def:816 | ||
Title: | COM+ Memory Structures Process Permits Remote Code Execution (Win2k,SP4) | ||
Description: | COM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-1978 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 1 | |
Os | 5 | |
Os | 3 |
ExploitDB Exploits
id | Description |
---|---|
2005-10-11 | Microsoft Windows 2000/2003/XP MSDTC TIP Denial Of Service Vulnerability |
OpenVAS Exploits
Date | Description |
---|---|
2009-11-16 | Name : Microsoft RPC Interface Buffer Overrun (KB824146) File : nvt/msrpc_dcom2.nasl |
2005-11-03 | Name : Microsoft RPC Interface Buffer Overrun (823980) File : nvt/msrpc_dcom.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
19904 | Microsoft Windows DTC Packet Relay DoS Microsoft Windows contains a flaw that may allow a remote attacker to cause a denial of service. The issue is due to the Distributed Transaction Controller (MSDTC) not properly handling crafted Transaction Internet Protocol (TIP) message traffic that repeatedly connects after an error occurs. This may cause the service to hang and require a restart by the administrator. |
19903 | Microsoft Windows DTC Transaction Internet Protocol (TIP) DoS Microsoft Windows has a flaw that may allow a remote attacker to cause a denial of service. The issue is due to the Transaction Internet Protocol (TIP) functionality of the Distributed Transaction Controller not properly sanitizing data sent by remote servers. With an unexpected protocol command during a reconnection request, a remote attacker can cause the MSDTC service to have an exception and exit. |
19902 | Microsoft Windows COM+ Remote Code Execution Microsoft Windows contains a flaw that may allow a remote attacker to gain privileges. The issue is due to the COM+ facility not properly creating and using memory structures. This may allow unauthenticated remote code execution. No further details have been provided. |
18828 | Microsoft Windows Distributed Transaction Coordinator (DTC) Memory Modificati... Microsoft Windows contains a flaw that may allow a remote attacker to gain privileges. The issue is due to the MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocating a 4K page of memory regardless of the required size, which allows an attacker to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAllocate function, which writes management data to memory outside of the allocated buffer. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | DCERPC DIRECT-UDP msdtc BuildContextW little endian object call overflow attempt RuleID : 6418 - Revision : 7 - Type : NETBIOS |
2014-01-10 | DCERPC DIRECT msdtc BuildContextW object call overflow attempt RuleID : 6417 - Revision : 7 - Type : NETBIOS |
2014-01-10 | DCERPC DIRECT-UDP msdtc BuildContextW object call overflow attempt RuleID : 6416 - Revision : 7 - Type : NETBIOS |
2014-01-10 | DCERPC DIRECT msdtc BuildContextW little endian object call overflow attempt RuleID : 6415 - Revision : 7 - Type : NETBIOS |
2014-01-10 | DCERPC DIRECT-UDP v4 msdtc BuildContextW little endian overflow attempt RuleID : 4252 - Revision : 9 - Type : NETBIOS |
2014-01-10 | DCERPC DIRECT-UDP msdtc BuildContextW little endian overflow attempt RuleID : 4251 - Revision : 9 - Type : NETBIOS |
2014-01-10 | DCERPC DIRECT msdtc BuildContextW overflow attempt RuleID : 4250 - Revision : 9 - Type : NETBIOS |
2014-01-10 | DCERPC DIRECT v4 msdtc BuildContextW little endian overflow attempt RuleID : 4249 - Revision : 7 - Type : NETBIOS |
2014-01-10 | DCERPC DIRECT-UDP msdtc BuildContextW overflow attempt RuleID : 4248 - Revision : 9 - Type : NETBIOS |
2014-01-10 | DCERPC DIRECT v4 msdtc BuildContextW overflow attempt RuleID : 4247 - Revision : 6 - Type : NETBIOS |
2014-01-10 | DCERPC NCADG-IP-UDP msdtc BuildContextW overflow attempt RuleID : 4246 - Revision : 14 - Type : OS-WINDOWS |
2014-01-10 | DCERPC NCACN-IP-TCP msdtc BuildContextW overflow attempt RuleID : 4245 - Revision : 14 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Distributed Transaction Controller TIP DoS attempt RuleID : 17439 - Revision : 7 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2005-10-12 | Name : A vulnerability in MSDTC could allow remote code execution. File : smb_kb902400.nasl - Type : ACT_GATHER_INFO |
2005-10-11 | Name : A vulnerability in MSDTC and COM+ could allow remote code execution. File : smb_nt_ms05-051.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:45:17 |
|
2014-01-19 21:29:56 |
|