CVE-2006-0034

Currently unrated

Key Information:

Vendor: Microsoft
Status: Distributed Transaction Coordinator
Vendor: CVE Published:; 10 May 2006

Summary

Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability.

References

http://archives.neohapsis.com/archives/fulldisclosure/200...

mailing-listx_refsource_FULLDISC

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

57% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 10, 2006
Vulnerability Reserved
Nov 30, 2005

Collectors

NVD DatabaseMitre Database