CVE-2005-1978
Description
COM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10- cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:itanium:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*+ 2 more
- cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
Patches
Vulnerability mechanics
Root cause
"Improper creation and use of memory structures in the COM+ component leads to memory corruption."
Attack vector
An attacker can exploit this vulnerability either locally or remotely to execute arbitrary code with full system privileges [ref_id=1]. The COM+ component improperly creates and uses memory structures, allowing an attacker to corrupt memory and gain control of the affected system [ref_id=1]. On Windows 2000 and Windows XP Service Pack 1 the vulnerability is rated Critical for remote code execution; on other platforms it is rated Important [ref_id=1]. Firewall best practices and disabling the Distributed Transaction Coordinator are listed as workarounds to block known attack vectors [ref_id=1].
Affected code
The advisory does not specify the exact functions or files at fault. It describes the vulnerability as occurring in the COM+ subsystem of Microsoft Windows, where the component does not properly "create and use memory structures" [ref_id=1]. No patch diff or source file paths are provided in the bundle.
What the fix does
The security update corrects the way COM+ creates and uses memory structures, eliminating the memory corruption condition that could be leveraged for code execution [ref_id=1]. The advisory does not provide a source-level patch diff, but states that the update addresses the underlying defect in memory structure handling [ref_id=1]. No further technical details about the fix mechanism are disclosed in the bundle.
Preconditions
- networkThe COM+ component must be accessible (locally or over the network depending on OS configuration)
- configOn some platforms (e.g. Windows XP SP1), the Distributed Transaction Coordinator service must be started or Network DTC Access must be enabled
- authAn attacker may need valid logon credentials on certain configurations, though anonymous remote exploitation is possible when Network DTC Access is enabled
Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
15- www.kb.cert.org/vuls/id/950516nvdUS Government Resource
- www.us-cert.gov/cas/techalerts/TA05-284A.htmlnvdUS Government Resource
- secunia.com/advisories/17161nvd
- secunia.com/advisories/17172nvd
- secunia.com/advisories/17223nvd
- secunia.com/advisories/17509nvd
- support.avaya.com/elmodocs2/security/ASA-2005-214.pdfnvd
- www.securityfocus.com/bid/15057nvd
- docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-051nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1261nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1269nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1466nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1499nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A576nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A816nvd
News mentions
0No linked articles in our index yet.