The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows malicious users to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAllocate function, which writes management data to memory outside of the allocated buffer.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft windows xp |
||
microsoft windows 2003 server itanium |
||
microsoft windows 2003 server r2 |
||
microsoft windows 2003 server sp1 |
||
microsoft windows 2000 |
||
microsoft windows 2003 server 64-bit |