MS-RPC: Microsoft Distributed Transaction Coordinator Overflow

This signature detects attempts to exploit a known vulnerability in the Microsoft Distributed Transaction Coordinator (msdtc.exe) process. A successful exploit can result in remote code execution with System privileges. You should use this signature to examine Internet-facing connections.

Extended Description

The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size. Attackers can therefore overwrite arbitrary memory locations by providing an incorrect size value to the NdrAllocate function, which writes management data to memory outside of the allocated buffer.

Affected Products

Microsoft Windows 2000

Short Name: MS-RPC:OF:MSDTC
Severity: Critical
Recommended: False
Recommended Action: Drop
Category: MS-RPC
Keywords: CVE-2005-2119 Coordinator Distributed Microsoft Overflow Transaction bid:15056
Release Date: 10/11/2005
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3761
False Positive: Unknown
Vendors

Microsoft

CVSS Score

5.0
