CVE-2006-5266

Name of the Vulnerable Software and Affected Versions Microsoft Dynamics GP versions 9.0 and earlier

Description The issue allows remote attackers to execute arbitrary code via crafted messages to specific components. This can be achieved by sending a crafted Distributed Process Manager (DPM) message to the DPM component, or by sending a long string or long IP address in a Distributed Process Server (DPS) message to either the DPM or DPS component.

Recommendations For Microsoft Dynamics GP versions 9.0 and earlier, consider restricting access to the DPM and DPS components until a fix is available. As a temporary workaround, avoid using long strings or IP addresses in DPS messages to minimize the risk of exploitation.