Follow:

Vulnerability:Win/MSRPC.MSDTC.RCE!CVE-2005-2119

Severity rating
Critical

Class/Type
Vulnerability

Discovered date
2007-05-08T00:00:00

Attack vector
Remote

Authentication required
No

Public exploits available
Yes

Signature detection
Medium



On this page




Description

A remote code execution and local elevation of privilege vulnerability exists in the Microsoft Distributed Transaction Coordinator that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system.



Impact

An attacker who successfully exploited this vulnerability could take complete control of the affected system.



Technical details (analysis)

The Microsoft Distributed Transaction Coordinator (MSDTC) is a distributed transaction facility for Microsoft Windows platforms. MSDTC uses proven transaction processing technology. It is robust despite system failures, process failures, and communication failures; it exploits loosely coupled systems to provide scalable performance; and it is easy to install, configure, and manage. An unchecked buffer in the Microsoft Distributed Transaction Coordinator causes the vulnerability.



Affected software

Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition



Non-affected software

Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)



References




Solutions




NIS signature

Name: Vulnerability:Win/MSRPC.MSDTC.RCE!CVE-2005-2119
Release Date: 2007-05-08T00:00:00



Known false positives

No known false positives at this time.



Work-arounds

Disable the Distributed Transaction Coordinator
Use the Group Policy settings to disable the Distributed Transaction Coordinator on all affected systems that do not require this feature.
Disable Network DTC Access
Block the following at the firewall: All unsolicited inbound traffic on ports greater than 1024 and any other specifically configured RPC port
To help protect from network-based attempts to exploit this vulnerability, use a personal firewall, such as the Internet Connection Firewall, which is included with Windows XP and with Windows Server 2003.
To help protect from network-based attempts to exploit this vulnerability, enable advanced TCP/IP filtering on systems that support this feature.
To help protect from network-based attempts to exploit this vulnerability, block the affected ports by using IPsec on the affected systems.