Heap-based Buffer Overflow in Microsoft Distributed Transaction Coordinator for Windows NT and 2000 by Microsoft
CVE-2006-0034

Currently unrated

Key Information:

Vendor: Microsoft
Status: Distributed Transaction Coordinator
Vendor: CVE Published:; 10 May 2006

What is CVE-2006-0034?

A heap-based buffer overflow vulnerability exists in the CRpcIoManagerServer::BuildContext function located in msdtcprx.dll of the Microsoft Distributed Transaction Coordinator for Windows NT 4.0 and Windows 2000. This flaw can be exploited when a remote attacker sends a specially crafted request containing an overly long fifth argument to the BuildContextW or BuildContext opcode. Exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system, potentially compromising data integrity and security.

References

http://archives.neohapsis.com/archives/fulldisclosure/200...

mailing-listx_refsource_FULLDISC

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

51% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 10, 2006
Vulnerability Reserved
Nov 30, 2005