Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMicrosoftCVE-2006-0034
HistoryMay 10, 2006 - 2:14 a.m.

CVE-2006-0034

2006-05-1002:14:00
CWE-119
microsoft
web.nvd.nist.gov
42
cve-2006-0034
heap-based buffer overflow
crpciomanagerserver::buildcontext
msdtcprx.dll
microsoft distributed transaction coordinator
msdtc
windows nt 4.0
windows 2000
ndrallocate function
vulnerability
nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.779

Percentile

98.3%

JSON

Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability.

Affected configurations

Nvd
Node
microsoftdistributed_transaction_coordinator
Node
microsoftwindows_2000
OR
microsoftwindows_2000sp1
OR
microsoftwindows_2000sp2
OR
microsoftwindows_2000sp3
OR
microsoftwindows_2000sp4
OR
microsoftwindows_2003_serverMatchenterprise64-bit
OR
microsoftwindows_2003_serverMatchenterprise_64-bit
OR
microsoftwindows_2003_serverMatchr264-bit
OR
microsoftwindows_2003_serverMatchr2datacenter_64-bit
OR
microsoftwindows_2003_serverMatchstandard64-bit
OR
microsoftwindows_2003_serverMatchweb
OR
microsoftwindows_ntMatch4.0
OR
microsoftwindows_ntMatch4.0enterprise_server
OR
microsoftwindows_ntMatch4.0server
OR
microsoftwindows_ntMatch4.0terminal_server
OR
microsoftwindows_ntMatch4.0workstation
OR
microsoftwindows_ntMatch4.0sp1
OR
microsoftwindows_ntMatch4.0sp1enterprise_server
OR
microsoftwindows_ntMatch4.0sp1server
OR
microsoftwindows_ntMatch4.0sp1terminal_server
OR
microsoftwindows_ntMatch4.0sp1workstation
OR
microsoftwindows_ntMatch4.0sp2
OR
microsoftwindows_ntMatch4.0sp2enterprise_server
OR
microsoftwindows_ntMatch4.0sp2server
OR
microsoftwindows_ntMatch4.0sp2terminal_server
OR
microsoftwindows_ntMatch4.0sp2workstation
OR
microsoftwindows_ntMatch4.0sp3
OR
microsoftwindows_ntMatch4.0sp3enterprise_server
OR
microsoftwindows_ntMatch4.0sp3server
OR
microsoftwindows_ntMatch4.0sp3terminal_server
OR
microsoftwindows_ntMatch4.0sp3workstation
OR
microsoftwindows_ntMatch4.0sp4
OR
microsoftwindows_ntMatch4.0sp4enterprise_server
OR
microsoftwindows_ntMatch4.0sp4server
OR
microsoftwindows_ntMatch4.0sp4terminal_server
OR
microsoftwindows_ntMatch4.0sp4workstation
OR
microsoftwindows_ntMatch4.0sp5
OR
microsoftwindows_ntMatch4.0sp5enterprise_server
OR
microsoftwindows_ntMatch4.0sp5server
OR
microsoftwindows_ntMatch4.0sp5terminal_server
OR
microsoftwindows_ntMatch4.0sp5workstation
OR
microsoftwindows_ntMatch4.0sp6
OR
microsoftwindows_ntMatch4.0sp6enterprise_server
OR
microsoftwindows_ntMatch4.0sp6server
OR
microsoftwindows_ntMatch4.0sp6terminal_server
OR
microsoftwindows_ntMatch4.0sp6workstation
OR
microsoftwindows_ntMatch4.0sp6a
OR
microsoftwindows_ntMatch4.0sp6aenterprise_server
OR
microsoftwindows_ntMatch4.0sp6aserver
OR
microsoftwindows_ntMatch4.0sp6aterminal_server
OR
microsoftwindows_ntMatch4.0sp6aworkstation
OR
microsoftwindows_xp64-bit
OR
microsoftwindows_xpembedded
OR
microsoftwindows_xphome
OR
microsoftwindows_xpmedia_center
OR
microsoftwindows_xpgoldprofessional
OR
microsoftwindows_xpsp164-bit
OR
microsoftwindows_xpsp1embedded
OR
microsoftwindows_xpsp1home
OR
microsoftwindows_xpsp1media_center
OR
microsoftwindows_xpsp2tablet_pc
VendorProductVersionCPE
microsoftdistributed_transaction_coordinator*cpe:2.3:a:microsoft:distributed_transaction_coordinator:*:*:*:*:*:*:*:*
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
microsoftwindows_2003_serverenterprisecpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*
microsoftwindows_2003_serverenterprise_64-bitcpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
microsoftwindows_2003_serverr2cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*
microsoftwindows_2003_serverr2cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
Rows per page:
1-10 of 621

References

Related

nvd 1
prion 1
cvelist 1
securityvulns 2
checkpoint_advisories 1
nessus 2
nvd
nvd
CVE-2006-0034
2006-05-10 02:14:00
prion
prion
Heap overflow
2006-05-10 02:14:00
cvelist
cvelist
CVE-2006-0034
2006-05-09 23:00:00
securityvulns
securityvulns
[Full-disclosure] Microsoft MSDTC NdrAllocate Validation Vulnerability
2006-05-11 00:00:00
Microsoft Security Bulletin MS06-018 Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (913580)
2006-05-09 00:00:00
checkpoint_advisories
checkpoint_advisories
Preemptive Protection against Microsoft Distributed Transaction Coordinator Vulnerability (MS06-018)
2006-05-09 00:00:00
nessus
nessus
MS06-018: Vulnerability in MSDTC Could Allow Denial of Service (913580)
2006-05-09 00:00:00
MS06-018: Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow DoS (913580) (uncredentialed check)
2006-05-10 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.779

Percentile

98.3%

JSON
Related for CVE-2006-0034
nvd1prion1cvelist1securityvulns2checkpoint_advisories1nessus2