National Cyber-Alert System
Vulnerability Summary: CVE-2006-0034
Orirignal release date: 2006-05-09
Source: US-CERT/NIST

Overview

    Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, aka the MSDTC Invalid Memory Access Vulnerability.

Impact

    CVSS Severity: 7.0 (High)
    Range: remote
    Authentication: input buffer="1"
    Impact Type: avail,conf,int,sec_prot user="1"

Reference to Advisories, Solutions, and Tools

Vulnerable Software and Vendor

    Windows NT (Microsoft)
    Windows 2000 (Microsoft)
    Windows Server 2003 (Microsoft)
    Microsoft Distributed Transaction Coordinator (Microsoft)
    Windows XP (Microsoft)

Technical Details

CVE Standard Vulnerability Entry: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0034