Description: Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
1) An out-of-bounds memory access error in the MSDTC (Microsoft Distributed Transaction Coordinator) can be exploited via a specially crafted BuildContextW request with a large UuidString or GuidIn string.
Successful exploitation causes the MSDTC component and dependent services to stop responding.
This vulnerability is related to vulnerability #1 in: SA17161
2) A boundary error in the "CRpcIoManagerServer::BuildContext()" function in msdtcprx.dll within MSDTC can be exploited to cause a heap-based buffer overflow. According to the vendor, this causes the MSDTC component and dependent services to stop responding when receiving a specially crafted network message.
According to eEye Digital Security, this vulnerability can be exploited to execute arbitrary code on a vulnerable system.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, using the Network Software Inspector.
Provided and/or discovered by: 1) Derek Soeder of eEye Digital Security and Kai Zhang of VenusTech.
2) Derek Soeder of eEye Digital Security and Chen Xiaobo of McAfee Avert Labs.
Changelog: 2006-05-09: Added additional information from eEye Digital Security.
2006-05-11: Added additional information from McAfee.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
