CVE-2006-0034

high

Microsoft

CVSS v3 Base Score

7.5

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS Score

48.7%

Exploitation probability in 30 days

Top 2% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Confidentiality

Integrity

Availability

Published: May 10, 2006 (7309 days ago)

Last Modified: April 16, 2026

Vendor: Microsoft

Source: NVD

Description

Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability.

CWE

CWE-119

Affected Products

microsoft distributed transaction coordinatormicrosoft windows 2000microsoft windows 2003 servermicrosoft windows ntmicrosoft windows xp

References

🔗 archives.neohapsis.com 🔗 archives.neohapsis.com 🔗 secunia.com 🔗 securityreason.com 🔗 securitytracker.com

CVE-2006-0034

Vulnerability Report

Description

CWE

Affected Products

References