Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1184

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-1184
Last Modified 07 Mar 2011 09:32:20
Published 09 May 2006 10:14:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1184

Summary

Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 2003 Server Enterprise

  • Microsoft Windows 2003 Server Enterprise 64-bit

  • Microsoft Windows 2003 Server R2

  • Microsoft Windows 2003 Server Standard

  • Microsoft Windows 2003 Server Web

  • Microsoft Windows Nt 4.0

  • Microsoft Windows Xp

Application

  • Microsoft Distributed Transaction Coordinator


References

BID - 17905

BUGTRAQ - 20060509 [EEYEB20051011B] - Microsoft Distributed Transaction Coordinator Denial of Service

MS - MS06-018

MISC - http://www.eeye.com/html/research/advisories/AD20060509b.html

SECUNIA - 20000

VUPEN - ADV-2006-1742

XF - msdtc-message-dos(25558)

OSVDB - 25336

SECTRACK - 1016047

SREASON - 864


Last Updated: 27 May 2016 10:41:58