CVE-2006-1184

3 documents3 sources

Severity

5.0MEDIUM

EPSS

37.7%

top 2.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 2003 Server Microsoft Windows NT

Timeline

PublishedMay 10

Latest updateMay 1

Description

Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDmicrosoft/windows_2003_server5 versions+4

▶NVDmicrosoft/windows_nt4.0

Patches

Patch: secunia.com ↗Patch: www.eeye.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-2f5f-jxgm-vf88: Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4↗2022-05-01

▶

CVEList

CVE-2006-1184: Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4↗2006-05-09

▶