oval:org.mitre.oval:def:551

Definition Id: oval:org.mitre.oval:def:551

Oval ID:	oval:org.mitre.oval:def:551
Title:	MSDTC Unchecked Buffer Permits Remote Code Execution or Privilege Elevation (Win2k,SP4)
Description:	The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAllocate function, which writes management data to memory outside of the allocated buffer.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2005-2119	Version:	5
Platform(s):	Microsoft Windows 2000	Product(s):	MSDTC
Definition Synopsis:
Windows 2000 is installed AND Win2K/XP/2003 service pack 4 is installed AND Either ole32.dll or rpcss.dll has a version less than 5.0.2195.7059 the version of ole32.dll is less than 5.0.2195.7059 AND the version of rpcss.dll is less than 5.0.2195.7059