Microsoft Windows 2000, XP and Server 2003 contain vulnerabilities in the COM+ and Microsoft Distributed Transaction Coordinator (MSDTC) that could allow remote attacker to create a denial of service (DoS) condition or obtain elevated privileges on the affected system.
The first vulnerability (CAN-2005-1978) exists due to a flaw in the process COM+ uses to create memory structures. An attacker could exploit this vulnerability by sending crafted network messages to the affected system. This could allow the attacker to execute arbitrary code on the system with privileges of the current user.
The second vulnerability (CAN-2005-1979) exists due to a flaw in the method MSDTC uses to validate Transaction Internet Protocol (TIP) requests. An attacker in
control of a malicious server could exploit this vulnerability by sending malformed network messages to the affected system. This could cause the service to cease responding to incoming traffic, resulting in a DoS condition.
The third vulnerability (CAN-2005-1980) could allow an attacker to perform a distributed denial of service (DDoS) attack from an affected system. The vulnerability exists because MSDTC does not properly validate TIP requests. As a result, an attacker could send a malformed network message to the affected system, causing the service to cease responding to additional traffic. The attacker could also transfer the crafted message to another TIP server, resulting in a DoS condition on both systems.
The fourth vulnerability
(CAN-2005-2119) exists due to an unchecked buffer in the MSDTC service. An attacker could exploit this vulnerability by supplying a crafted message to the affected system over TCP port 3372. This could allow the attacker to execute arbitrary code on the affected system with elevated privileges.
Exploit code is available.
Patches are available.