CVE-2005-1980
Description
Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service hang) via a crafted Transaction Internet Protocol (TIP) message that causes DTC to repeatedly connect to a target IP and port number after an error occurs, aka the "Distributed TIP Vulnerability."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10- cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:itanium:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*+ 2 more
- cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
Patches
Vulnerability mechanics
Root cause
"Improper error handling in the Distributed Transaction Controller's processing of TIP messages causes MSDTC to repeatedly connect to a target IP and port after an error, leading to a service hang."
Attack vector
A remote attacker sends a crafted TIP message to the MSDTC service. When an error occurs during processing, the service repeatedly attempts to connect to a target IP address and port number specified in the message, causing the MSDTC service to hang [ref_id=1]. This results in a denial of service. The attack does not require authentication and can be launched over the network against systems where the MSDTC service is running and accessible.
Affected code
The vulnerability resides in the Microsoft Distributed Transaction Coordinator (MSDTC) service, specifically in its handling of Transaction Internet Protocol (TIP) messages. The advisory does not name specific functions or files, but identifies the component as the Distributed Transaction Controller [ref_id=1].
What the fix does
The security update addresses the vulnerability by modifying how MSDTC handles TIP messages after an error occurs, preventing the repeated connection attempts that cause the service hang [ref_id=1]. Additionally, the update introduces several registry keys to further restrict TIP protocol behavior, such as disabling TIP by default on Windows 2000 and adding verification options for TM ID, port, BEGIN commands, and PULL commands [ref_id=1]. These changes reduce the attack surface and block the specific malformed message pattern that triggers the hang.
Preconditions
- configThe MSDTC service must be running on the target system.
- networkThe target system must be reachable over the network on the port used by MSDTC (typically 3372 for TIP).
- inputThe attacker must be able to send a crafted TIP message to the target.
Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
15- www.idefense.com/application/poi/displaynvdVendor Advisory
- secunia.com/advisories/17161nvd
- secunia.com/advisories/17172nvd
- secunia.com/advisories/17223nvd
- secunia.com/advisories/17509nvd
- securitytracker.com/idnvd
- support.avaya.com/elmodocs2/security/ASA-2005-214.pdfnvd
- www.securityfocus.com/bid/15059nvd
- docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-051nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1136nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1182nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1203nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1253nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1325nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1413nvd
News mentions
0No linked articles in our index yet.