5 - CVE-2006-1184

Executive Summary

Informations
Name	CVE-2006-1184	First vendor Publication	2006-05-09
Vendor	Cve	Last vendor Modification	2019-04-30

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1184

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:1295

Oval ID:	oval:org.mitre.oval:def:1295
Title:	MSDTC Denial of Service Vulnerability (XP,SP1)
Description:	Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2006-1184	Version:	6
Platform(s):	Microsoft Windows XP	Product(s):
Definition Synopsis:
Windows XP is installed AND Win2K/XP/2003/Vista service pack 1 is installed AND NOT a version of Windows for the ia64 architecture is installed AND the version of Msdtctm.dll is less than 2001.12.4414.65

Definition Id: oval:org.mitre.oval:def:1779

Oval ID:	oval:org.mitre.oval:def:1779
Title:	MSDTC Denial of Service Vulnerability (Server 2003)
Description:	Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2006-1184	Version:	7
Platform(s):	Microsoft Windows Server 2003	Product(s):
Definition Synopsis:
Windows Server 2003 is installed AND NOT Win2K/XP/2003 is patched AND the version of Msdtctm.dll is less than 2001.12.4720.480

Definition Id: oval:org.mitre.oval:def:1912

Oval ID:	oval:org.mitre.oval:def:1912
Title:	MSDTC Denial of Service Vulnerability (XP,SP2)
Description:	Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2006-1184	Version:	7
Platform(s):	Microsoft Windows XP	Product(s):
Definition Synopsis:
Windows XP is installed AND Win2K/XP/2003/Vista/2008 service pack 2 is installed AND NOT a version of Windows for the ia64 architecture is installed AND the version of Msdtctm.dll is less than 2001.12.4414.311

Definition Id: oval:org.mitre.oval:def:1990

Oval ID:	oval:org.mitre.oval:def:1990
Title:	MSDTC Denial of Service Vulnerability (Win2K)
Description:	Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2006-1184	Version:	7
Platform(s):	Microsoft Windows 2000	Product(s):
Definition Synopsis:
Windows 2000 Service Pack 4 (or later) is installed Windows 2000 is installed AND Win2K/XP/2003 service pack 4 (or later) is installed AND the version of Msdtctm.dll is less than 2000.2.3535.0

CPE : Common Platform Enumeration

Type	Description	Count
Application	Microsoft Distributed Transaction Coordinator cpe:2.3:a:microsoft:distributed_transaction_coordinator::::::::	1
Os	Microsoft Windows 2000 cpe:2.3:o:microsoft:windows_2000:::::::: cpe:2.3:o:microsoft:windows_2000::sp1::::::* cpe:2.3:o:microsoft:windows_2000::sp2::::::* cpe:2.3:o:microsoft:windows_2000::sp4::::::* cpe:2.3:o:microsoft:windows_2000::sp3::::::*	5
Os	Microsoft Windows 2003 Server cpe:2.3:o:microsoft:windows_2003_server:web:::::::* cpe:2.3:o:microsoft:windows_2003_server:standard::64-bit::::: cpe:2.3:o:microsoft:windows_2003_server:r2::64-bit::::: cpe:2.3:o:microsoft:windows_2003_server:r2::datacenter_64-bit::::: cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:::::::* cpe:2.3:o:microsoft:windows_2003_server:enterprise::64-bit:::::	6
Os	Microsoft Windows Nt cpe:2.3:o:microsoft:windows_nt:4.0:sp2:::workstation::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:::::* cpe:2.3:o:microsoft:windows_nt:4.0:sp3:::server::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp6:::workstation::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:::::* cpe:2.3:o:microsoft:windows_nt:4.0:sp2:::terminal_server::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp6:::terminal_server::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp1:::terminal_server::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:::::* cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:::server::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:::workstation::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:::::* cpe:2.3:o:microsoft:windows_nt:4.0:sp1:::server::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp4:::workstation::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:::::* cpe:2.3:o:microsoft:windows_nt:4.0:sp5:::server::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp5:::terminal_server::x86: cpe:2.3:o:microsoft:windows_nt:4.0::enterprise_server::::: cpe:2.3:o:microsoft:windows_nt:4.0:sp1:::workstation::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp3:::terminal_server::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:::::* cpe:2.3:o:microsoft:windows_nt:4.0:sp4:::terminal_server::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp5:::workstation::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp6:::server::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:::terminal_server::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp3:::workstation::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp1:::::: cpe:2.3:o:microsoft:windows_nt:4.0:sp2:::::: cpe:2.3:o:microsoft:windows_nt:4.0:::::::* cpe:2.3:o:microsoft:windows_nt:4.0:sp3:::::: cpe:2.3:o:microsoft:windows_nt:4.0:sp4:::::: cpe:2.3:o:microsoft:windows_nt:4.0:sp5:::::: cpe:2.3:o:microsoft:windows_nt:4.0::terminal_server::::: cpe:2.3:o:microsoft:windows_nt:4.0:sp6:::::: cpe:2.3:o:microsoft:windows_nt:4.0::workstation::::: cpe:2.3:o:microsoft:windows_nt:4.0:sp2:::server::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:::::: cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:::::* cpe:2.3:o:microsoft:windows_nt:4.0:sp4:::server::x86: cpe:2.3:o:microsoft:windows_nt:4.0::server:::::	40
Os	Microsoft Windows Xp cpe:2.3:o:microsoft:windows_xp::sp2:tablet_pc::::: cpe:2.3:o:microsoft:windows_xp::sp1:media_center::::: cpe:2.3:o:microsoft:windows_xp::gold:professional::::: cpe:2.3:o:microsoft:windows_xp::sp1:embedded::::: cpe:2.3:o:microsoft:windows_xp:::64-bit:::::* cpe:2.3:o:microsoft:windows_xp:::home:::::* cpe:2.3:o:microsoft:windows_xp::sp1:home::::: cpe:2.3:o:microsoft:windows_xp:::embedded:::::* cpe:2.3:o:microsoft:windows_xp:::media_center:::::* cpe:2.3:o:microsoft:windows_xp::sp1:64-bit:::::	10

OpenVAS Exploits

Date	Description
2009-11-16	Name : Microsoft RPC Interface Buffer Overrun (KB824146) File : nvt/msrpc_dcom2.nasl
2005-11-03	Name : Microsoft RPC Interface Buffer Overrun (823980) File : nvt/msrpc_dcom.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
25336	Microsoft Windows Distributed Transaction Coordinator (DTC) BuildContextW Req... Microsoft Windows contains a flaw that may allow a remote denial of service. The issue is triggered when the Distributed Transaction Coordinator receives a single BuildContextW request where the 'UuidString' or 'GuidIn' value has a maximum character count of 0x7D0, and will result in loss of availability for the service.

Description

25336

Microsoft Windows Distributed Transaction Coordinator (DTC) BuildContextW Req...

Microsoft Windows contains a flaw that may allow a remote denial of service. The issue is triggered when the Distributed Transaction Coordinator receives a single BuildContextW request where the 'UuidString' or 'GuidIn' value has a maximum character count of 0x7D0, and will result in loss of availability for the service.

Snort® IPS/IDS

Date	Description
2014-01-10	DCERPC DIRECT-UDP msdtc BuildContext little endian object call heap overflow ... RuleID : 6466 - Revision : 8 - Type : NETBIOS
2014-01-10	DCERPC DIRECT-UDP msdtc BuildContext object call heap overflow attempt RuleID : 6465 - Revision : 8 - Type : NETBIOS
2014-01-10	DCERPC DIRECT msdtc BuildContext little endian object call heap overflow attempt RuleID : 6464 - Revision : 8 - Type : NETBIOS
2014-01-10	DCERPC DIRECT msdtc BuildContext object call heap overflow attempt RuleID : 6463 - Revision : 8 - Type : NETBIOS
2014-01-10	DCERPC DIRECT-UDP msdtc BuildContext little endian heap overflow attempt RuleID : 6462 - Revision : 7 - Type : NETBIOS
2014-01-10	DCERPC DIRECT-UDP msdtc BuildContext heap overflow attempt RuleID : 6461 - Revision : 7 - Type : NETBIOS
2014-01-10	DCERPC DIRECT-UDP v4 msdtc BuildContext heap overflow attempt RuleID : 6460 - Revision : 8 - Type : NETBIOS
2014-01-10	DCERPC DIRECT v4 msdtc BuildContext little endian heap overflow attempt RuleID : 6459 - Revision : 6 - Type : NETBIOS
2014-01-10	DCERPC DIRECT-UDP v4 msdtc BuildContext little endian heap overflow attempt RuleID : 6458 - Revision : 8 - Type : NETBIOS
2014-01-10	DCERPC DIRECT msdtc BuildContext little endian heap overflow attempt RuleID : 6457 - Revision : 8 - Type : NETBIOS
2014-01-10	DCERPC NCADG-IP-UDP msdtc BuildContext heap overflow attempt RuleID : 6456 - Revision : 12 - Type : OS-WINDOWS
2014-01-10	DCERPC NCACN-IP-TCP msdtc BuildContext heap overflow attempt RuleID : 6455 - Revision : 12 - Type : OS-WINDOWS
2014-01-10	DCERPC DIRECT-UDP msdtc BuildContextW object call heap overflow attempt RuleID : 6454 - Revision : 8 - Type : NETBIOS
2014-01-10	DCERPC DIRECT msdtc BuildContextW little endian object call heap overflow att... RuleID : 6453 - Revision : 8 - Type : NETBIOS
2014-01-10	DCERPC DIRECT-UDP msdtc BuildContextW little endian object call heap overflow... RuleID : 6452 - Revision : 8 - Type : NETBIOS
2014-01-10	DCERPC DIRECT msdtc BuildContextW object call heap overflow attempt RuleID : 6451 - Revision : 8 - Type : NETBIOS
2014-01-10	DCERPC DIRECT-UDP v4 msdtc BuildContextW heap overflow attempt RuleID : 6450 - Revision : 8 - Type : NETBIOS
2014-01-10	DCERPC DIRECT-UDP msdtc BuildContextW heap overflow attempt RuleID : 6449 - Revision : 7 - Type : NETBIOS
2014-01-10	DCERPC DIRECT msdtc BuildContextW little endian heap overflow attempt RuleID : 6448 - Revision : 8 - Type : NETBIOS
2014-01-10	DCERPC DIRECT v4 msdtc BuildContextW heap overflow attempt RuleID : 6447 - Revision : 5 - Type : NETBIOS
2014-01-10	DCERPC DIRECT v4 msdtc BuildContextW little endian heap overflow attempt RuleID : 6446 - Revision : 6 - Type : NETBIOS
2014-01-10	DCERPC DIRECT-UDP v4 msdtc BuildContextW little endian heap overflow attempt RuleID : 6445 - Revision : 8 - Type : NETBIOS
2014-01-10	DCERPC NCADG-IP-UDP msdtc BuildContextW heap overflow attempt RuleID : 6444 - Revision : 13 - Type : OS-WINDOWS
2014-01-10	DCERPC NCACN-IP-TCP msdtc BuildContextW heap overflow attempt RuleID : 6443 - Revision : 14 - Type : OS-WINDOWS
2014-01-10	DCERPC DIRECT-UDP msdtc BuildContextW object call invalid second uuid size at... RuleID : 6442 - Revision : 8 - Type : NETBIOS
2014-01-10	DCERPC DIRECT-UDP msdtc BuildContextW little endian object call invalid secon... RuleID : 6441 - Revision : 8 - Type : NETBIOS
2014-01-10	DCERPC DIRECT msdtc BuildContextW little endian object call invalid second uu... RuleID : 6440 - Revision : 8 - Type : NETBIOS
2014-01-10	DCERPC DIRECT msdtc BuildContextW object call invalid second uuid size attempt RuleID : 6439 - Revision : 8 - Type : NETBIOS
2014-01-10	DCERPC DIRECT-UDP msdtc BuildContextW invalid second uuid size attempt RuleID : 6438 - Revision : 8 - Type : NETBIOS
2014-01-10	DCERPC DIRECT-UDP v4 msdtc BuildContextW little endian invalid second uuid si... RuleID : 6437 - Revision : 8 - Type : NETBIOS
2014-01-10	DCERPC DIRECT-UDP v4 msdtc BuildContextW invalid second uuid size attempt RuleID : 6436 - Revision : 8 - Type : NETBIOS
2014-01-10	DCERPC DIRECT-UDP msdtc BuildContextW little endian invalid second uuid size ... RuleID : 6435 - Revision : 8 - Type : NETBIOS
2014-01-10	DCERPC DIRECT msdtc BuildContextW little endian invalid second uuid size attempt RuleID : 6434 - Revision : 8 - Type : NETBIOS
2014-01-10	DCERPC DIRECT v4 msdtc BuildContextW little endian invalid second uuid size a... RuleID : 6433 - Revision : 6 - Type : NETBIOS
2014-01-10	DCERPC NCADG-IP-UDP msdtc BuildContextW invalid second uuid size attempt RuleID : 6432 - Revision : 15 - Type : OS-WINDOWS
2014-01-10	DCERPC NCACN-IP-TCP msdtc BuildContextW heap overflow attempt RuleID : 6431 - Revision : 17 - Type : OS-WINDOWS
2014-01-10	DCERPC DIRECT msdtc BuildContextW object call invalid uuid size attempt RuleID : 6430 - Revision : 8 - Type : NETBIOS
2014-01-10	DCERPC DIRECT-UDP msdtc BuildContextW object call invalid uuid size attempt RuleID : 6429 - Revision : 8 - Type : NETBIOS
2014-01-10	DCERPC DIRECT-UDP msdtc BuildContextW little endian object call invalid uuid ... RuleID : 6428 - Revision : 8 - Type : NETBIOS
2014-01-10	DCERPC DIRECT msdtc BuildContextW little endian object call invalid uuid size... RuleID : 6427 - Revision : 8 - Type : NETBIOS
2014-01-10	DCERPC DIRECT msdtc BuildContextW invalid uuid size attempt RuleID : 6426 - Revision : 8 - Type : NETBIOS
2014-01-10	DCERPC DIRECT-UDP msdtc BuildContextW invalid uuid size attempt RuleID : 6425 - Revision : 7 - Type : NETBIOS
2014-01-10	DCERPC DIRECT-UDP v4 msdtc BuildContextW invalid uuid size attempt RuleID : 6424 - Revision : 8 - Type : NETBIOS
2014-01-10	DCERPC DIRECT-UDP msdtc BuildContextW little endian invalid uuid size attempt RuleID : 6423 - Revision : 8 - Type : NETBIOS
2014-01-10	DCERPC DIRECT v4 msdtc BuildContextW invalid uuid size attempt RuleID : 6422 - Revision : 6 - Type : NETBIOS
2014-01-10	DCERPC DIRECT msdtc BuildContextW little endian invalid uuid size attempt RuleID : 6421 - Revision : 8 - Type : NETBIOS
2014-01-10	DCERPC NCADG-IP-UDP msdtc BuildContextW invalid uuid size attempt RuleID : 6420 - Revision : 16 - Type : OS-WINDOWS
2014-01-10	DCERPC NCACN-IP-TCP msdtc BuildContextW invalid uuid size attempt RuleID : 6419 - Revision : 16 - Type : OS-WINDOWS

Nessus® Vulnerability Scanner

Date	Description
2006-05-10	Name : A vulnerability in MSDTC could allow remote code execution. File : smb_kb913580.nasl - Type : ACT_GATHER_INFO
2006-05-09	Name : It is possible to crash the remote MSDTC service. File : smb_nt_ms06-018.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/17905
BUGTRAQ	http://www.securityfocus.com/archive/1/433425/100/0/threaded
MISC	http://www.eeye.com/html/research/advisories/AD20060509b.html
MS	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06...
OSVDB	http://www.osvdb.org/25336
OVAL	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
SECTRACK	http://securitytracker.com/id?1016047
SECUNIA	http://secunia.com/advisories/20000
SREASON	http://securityreason.com/securityalert/864
VUPEN	http://www.vupen.com/english/advisories/2006/1742
XF	https://exchange.xforce.ibmcloud.com/vulnerabilities/25558

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-02-02 01:03:55	Multiple Updates
2024-02-01 12:01:52	Multiple Updates
2023-09-05 12:03:40	Multiple Updates
2023-09-05 01:01:44	Multiple Updates
2023-09-02 12:03:44	Multiple Updates
2023-09-02 01:01:44	Multiple Updates
2023-08-12 12:04:20	Multiple Updates
2023-08-12 01:01:44	Multiple Updates
2023-08-11 12:03:48	Multiple Updates
2023-08-11 01:01:46	Multiple Updates
2023-08-06 12:03:34	Multiple Updates
2023-08-06 01:01:45	Multiple Updates
2023-08-04 12:03:39	Multiple Updates
2023-08-04 01:01:47	Multiple Updates
2023-07-14 12:03:38	Multiple Updates
2023-07-14 01:01:46	Multiple Updates
2023-03-29 01:03:51	Multiple Updates
2023-03-28 12:01:50	Multiple Updates
2022-10-11 12:03:14	Multiple Updates
2022-10-11 01:01:37	Multiple Updates
2021-05-04 12:03:47	Multiple Updates
2021-04-22 01:04:20	Multiple Updates
2020-05-23 00:17:30	Multiple Updates
2019-05-09 12:01:44	Multiple Updates
2019-04-30 21:19:19	Multiple Updates
2018-10-18 21:20:01	Multiple Updates
2018-10-13 00:22:33	Multiple Updates
2017-10-11 09:23:38	Multiple Updates
2017-07-20 09:23:25	Multiple Updates
2016-06-28 15:39:48	Multiple Updates
2016-04-26 14:23:45	Multiple Updates
2014-02-17 10:35:00	Multiple Updates
2014-01-19 21:23:10	Multiple Updates
2013-05-11 10:51:20	Multiple Updates

Global Informations

Type	Count
Oval ID(s)	4
CPE ID(s)	62
Sources(s)	14
osvdb(s)	1
Openvas Exploit(s)	2
Snort® Rule(s)	48
Nessus® Exploit(s)	2

	Related
7.5	MS06-018
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

5 - CVE-2006-1184

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU