Summary
Detail | |||
---|---|---|---|
Vendor | Microsoft | First view | 2006-05-09 |
Product | Distributed Transaction Coordinator | Last view | 2006-05-09 |
Version | Type | ||
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
CPE Name | Affected CVE |
---|---|
cpe:2.3:a:microsoft:distributed_transaction_coordinator:*:*:*:*:*:*:*:* | 2 |
Related : CVE
Date | Alert | Description | |
---|---|---|---|
5 | 2006-05-09 | CVE-2006-1184 | Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119. |
7.5 | 2006-05-09 | CVE-2006-0034 | Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
100% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:1908 | MSDTC Invalid Memory Access Vulnerability (XP,SP1) |
oval:org.mitre.oval:def:1477 | MSDTC Invalid Memory Access Vulnerability (Server 2003) |
oval:org.mitre.oval:def:1222 | MSDTC Invalid Memory Access Vulnerability (Win2K) |
oval:org.mitre.oval:def:1990 | MSDTC Denial of Service Vulnerability (Win2K) |
oval:org.mitre.oval:def:1912 | MSDTC Denial of Service Vulnerability (XP,SP2) |
oval:org.mitre.oval:def:1779 | MSDTC Denial of Service Vulnerability (Server 2003) |
oval:org.mitre.oval:def:1295 | MSDTC Denial of Service Vulnerability (XP,SP1) |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
25336 | Microsoft Windows Distributed Transaction Coordinator (DTC) BuildContextW Req... |
25335 | Microsoft Windows Distributed Transaction Coordinator (DTC) CRpcIoManagerServ... |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | DCERPC DIRECT-UDP msdtc BuildContext little endian object call heap overflow ... RuleID : 6466 - Type : NETBIOS - Revision : 8 |
2014-01-10 | DCERPC DIRECT-UDP msdtc BuildContext object call heap overflow attempt RuleID : 6465 - Type : NETBIOS - Revision : 8 |
2014-01-10 | DCERPC DIRECT msdtc BuildContext little endian object call heap overflow attempt RuleID : 6464 - Type : NETBIOS - Revision : 8 |
2014-01-10 | DCERPC DIRECT msdtc BuildContext object call heap overflow attempt RuleID : 6463 - Type : NETBIOS - Revision : 8 |
2014-01-10 | DCERPC DIRECT-UDP msdtc BuildContext little endian heap overflow attempt RuleID : 6462 - Type : NETBIOS - Revision : 7 |
2014-01-10 | DCERPC DIRECT-UDP msdtc BuildContext heap overflow attempt RuleID : 6461 - Type : NETBIOS - Revision : 7 |
2014-01-10 | DCERPC DIRECT-UDP v4 msdtc BuildContext heap overflow attempt RuleID : 6460 - Type : NETBIOS - Revision : 8 |
2014-01-10 | DCERPC DIRECT v4 msdtc BuildContext little endian heap overflow attempt RuleID : 6459 - Type : NETBIOS - Revision : 6 |
2014-01-10 | DCERPC DIRECT-UDP v4 msdtc BuildContext little endian heap overflow attempt RuleID : 6458 - Type : NETBIOS - Revision : 8 |
2014-01-10 | DCERPC DIRECT msdtc BuildContext little endian heap overflow attempt RuleID : 6457 - Type : NETBIOS - Revision : 8 |
2014-01-10 | DCERPC NCADG-IP-UDP msdtc BuildContext heap overflow attempt RuleID : 6456 - Type : OS-WINDOWS - Revision : 12 |
2014-01-10 | DCERPC NCACN-IP-TCP msdtc BuildContext heap overflow attempt RuleID : 6455 - Type : OS-WINDOWS - Revision : 12 |
2014-01-10 | DCERPC DIRECT-UDP msdtc BuildContextW object call heap overflow attempt RuleID : 6454 - Type : NETBIOS - Revision : 8 |
2014-01-10 | DCERPC DIRECT msdtc BuildContextW little endian object call heap overflow att... RuleID : 6453 - Type : NETBIOS - Revision : 8 |
2014-01-10 | DCERPC DIRECT-UDP msdtc BuildContextW little endian object call heap overflow... RuleID : 6452 - Type : NETBIOS - Revision : 8 |
2014-01-10 | DCERPC DIRECT msdtc BuildContextW object call heap overflow attempt RuleID : 6451 - Type : NETBIOS - Revision : 8 |
2014-01-10 | DCERPC DIRECT-UDP v4 msdtc BuildContextW heap overflow attempt RuleID : 6450 - Type : NETBIOS - Revision : 8 |
2014-01-10 | DCERPC DIRECT-UDP msdtc BuildContextW heap overflow attempt RuleID : 6449 - Type : NETBIOS - Revision : 7 |
2014-01-10 | DCERPC DIRECT msdtc BuildContextW little endian heap overflow attempt RuleID : 6448 - Type : NETBIOS - Revision : 8 |
2014-01-10 | DCERPC DIRECT v4 msdtc BuildContextW heap overflow attempt RuleID : 6447 - Type : NETBIOS - Revision : 5 |
2014-01-10 | DCERPC DIRECT v4 msdtc BuildContextW little endian heap overflow attempt RuleID : 6446 - Type : NETBIOS - Revision : 6 |
2014-01-10 | DCERPC DIRECT-UDP v4 msdtc BuildContextW little endian heap overflow attempt RuleID : 6445 - Type : NETBIOS - Revision : 8 |
2014-01-10 | DCERPC NCADG-IP-UDP msdtc BuildContextW heap overflow attempt RuleID : 6444 - Type : OS-WINDOWS - Revision : 13 |
2014-01-10 | DCERPC NCACN-IP-TCP msdtc BuildContextW heap overflow attempt RuleID : 6443 - Type : OS-WINDOWS - Revision : 14 |
2014-01-10 | DCERPC DIRECT-UDP msdtc BuildContextW object call invalid second uuid size at... RuleID : 6442 - Type : NETBIOS - Revision : 8 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2006-05-10 | Name: A vulnerability in MSDTC could allow remote code execution. File: smb_kb913580.nasl - Type: ACT_GATHER_INFO |
2006-05-09 | Name: It is possible to crash the remote MSDTC service. File: smb_nt_ms06-018.nasl - Type: ACT_GATHER_INFO |