Network and Host Security Lab Project CISY #### By Michael Fiore and Lucas Weber Table of Contents Executive Summary……………………………………
Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote malicious users to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft distributed transaction coordinator |
||
microsoft windows 2000 |
||
microsoft windows 2003 server web |
||
microsoft windows nt 4.0 |
||
microsoft windows 2003 server r2 |
||
microsoft windows 2003 server standard |
||
microsoft windows xp |
||
microsoft windows 2003 server enterprise_64-bit |
||
microsoft windows 2003 server enterprise |