PT-2006-2201 · Microsoft · Distributed Transaction Coordinator

Kai Zhang · Published 2006-05-09 · Updated 2019-04-30 · CVE-2006-1184

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003

Description

A denial of service issue exists, allowing remote attackers to cause a system crash via a BuildContextW request with a large UuidString or GuidIn of a certain length, resulting in an out-of-range memory access. This could enable an attacker to send a specially crafted network message to an affected system, causing the Microsoft Distributed Transaction Coordinator (MSDTC) to stop responding. The denial of service issue does not allow an attacker to execute code or elevate their user rights but could cause the affected system to stop accepting requests.

Recommendations

For Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003, consider restricting access to the BuildContextW request until a patch is available. As a temporary workaround, consider disabling the MSDTC service to minimize the risk of exploitation. Avoid using the UuidString and GuidIn parameters in the BuildContextW request until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related identifiers

CVE-2006-1184

Affected products

Distributed Transaction Coordinator
Windows
Windows 2000
Windows NT 4.0
Windows Server 2003
Windows XP