Heap-based Buffer Overflow in Microsoft Distributed Transaction Coordinator for Windows NT and 2000 by Microsoft
CVE-2006-0034

Currently unrated

Key Information:

Vendor
Microsoft
Status
Distributed Transaction Coordinator
Vendor
CVE Published:
10 May 2006

Summary

A heap-based buffer overflow vulnerability exists in the CRpcIoManagerServer::BuildContext function located in msdtcprx.dll of the Microsoft Distributed Transaction Coordinator for Windows NT 4.0 and Windows 2000. This flaw can be exploited when a remote attacker sends a specially crafted request containing an overly long fifth argument to the BuildContextW or BuildContext opcode. Exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system, potentially compromising data integrity and security.

References

http://archives.neohapsis.com/archives/fulldisclosure/200...
mailing-listx_refsource_FULLDISC
https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL

EPSS Score

51% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2006-0034 : Heap-based Buffer Overflow in Microsoft Distributed Transaction Coordinator for Windows NT and 2000 by Microsoft | SecurityVulnerability.io