[Full-disclosure] Microsoft MSDTC NdrAllocate Validation Vulnerability

McAfee, Inc. McAfee Averttm Labs Security Advisory Public Release Date: 2006-05-09 Microsoft MSDTC NdrAllocate Validation Vulnerability CVE-2006-0034 Synopsis There is an RPC procedure within the MSDTC interface in msdtcprx.dll that may be called remotely without user credentials in such a way th...

CVE-2006-0034

Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator MSDTC for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or...

CVE-2006-0034

CVE-2006-0034 describes a heap-based buffer overflow in MSDTC’s RPC path (msdtcprx.dll BuildContextW/BuildContext) caused by an overly long fifth argument, triggering a bug in NdrAllocate. Affected products include Windows 2000/NT4-era MSDTC deployments, with the issue leading to denial of servic...

CVE-2006-0034

Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator MSDTC for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or...

CVE-2005-2119

The MIDLuserallocate function in the Microsoft Distributed Transaction Coordinator MSDTC proxy MSDTCPRX.DLL allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAlloca...