| Short Name | MS-RPC:OF:MSDTC |
|---|---|
| Severity | Critical |
| Recommended | No |
| Recommended Action | Drop |
| Category | MS-RPC |
| Keywords | Microsoft Distributed Transaction Coordinator Overflow |
| Release Date | 2005/10/11 |
| Update Number | 1213 |
| Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

This signature detects attempts to exploit a known vulnerability in the Microsoft Distributed Transaction Coordinator (msdtc.exe) process. A successful exploit can result in remote code execution with System privileges. You should use this signature to examine Internet-facing connections.

The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size. This allows attackers to overwrite arbitrary memory locations by providing an incorrect size value to the NdrAllocate function, which then writes management data to memory outside of the allocated buffer.