Xiao Chen

Name of the Vulnerable Software and Affected Versions: Microsoft Distributed Transaction Coordinator (MSDTC) versions for Windows NT 4.0 and Windows 2000 SP2 and SP3 Description: A heap-based buffer overflow issue exists in the CRpcIoManagerServer::BuildContext function, allowing remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode. This triggers a bug in the NdrAllocate function. Additionally, a denial of service vulnerability exists where an attacker could send a specially crafted network message to cause the MSDTC to stop responding, although this would not allow code execution or user rights elevation. Recommendations: For Microsoft Distributed Transaction Coordinator (MSDTC) versions for Windows NT 4.0 and Windows 2000 SP2 and SP3, consider disabling the BuildContext function as a temporary workaround until a patch is available. Restrict access to the CRpcIoManagerServer::BuildContext function to minimize the risk of exploitation. Avoid using the long fifth argument to the BuildContextW or BuildContext opcode in the affected systems until the issue is resolved.