25335 : Microsoft Windows Distributed Transaction Coordinator (DTC) CRpcIoManagerServer::BuildContext Function Remote Overflow
Printer | http://osvdb.org/25335 | Email This | Edit Vulnerability

Views This Week

4

Views All Time

202

Info

Last Modified

about 1 year ago

Percent Complete

100%

Disclosure

May 09, 2006

Discovery

Oct 11, 2005

Dates

Exploit

Unknown

Solution

Unknown

Keywords

EEYEB20051011A

Description

Windows Systems for which the MS05-051 patch was not released ( NT4 and W2K SP2&3 ) were found to be vulnerable to a remotely exploitable SYSTEM level compromise through the same DTC RPC Service as previously described. This is accomplished via a complex heap overflow through the 5th argument to BuildContext or BuildContextW, depending upon the O/S version. This is enabled by default and thus classed as critical.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Unavailable
Disclosure: OSVDB Verified

Solution

Since these platforms are no longer officially supported by Microsoft ( except for those with Legacy Support contracts ) there is no publically available fix for these issues.

Products

Microsoft Corporation	Windows	2000 SP3
		2000 SP2
		NT 4.0

References

Bugtraq ID: 17905
Secunia Advisory ID: 20000
CVE ID: 2006-0034 (see also: NVD)
Related OSVDB ID: 25336
Microsoft Knowledge Base Article: 913580
Keyword: EEYEB20051011A
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0238.html
http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0269.html
Other Advisory URL: http://www.eeye.com/html/research/advisories/AD20060509a.html
Microsoft Security Bulletin: MS06-018

Tools & Filters

Nessus	21331 21334
Snort	6443 6444 6445 6446 6447 6448 6449 6450 6451 6452 6453 6454 6455 6456 6457 6458 6459 6460 6461 6462 6463 6464 6465 6466

Credit

Derek Soeder - dsoedereeye.com - eEye Digital Security
Kai Zhang - VenusTech

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

User Status

Account
- Login
- Sign-Up

Quick Searches

Advertisements

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

© Copyright 2008 Open Source Vulnerability Database (OSVDB), All Rights Reserved.
Privacy Statement - Terms of Use