CERT-In Vulnerability Note
CIVN-2005-0096
Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution
Original Issue Date: October 12, 2005
Severity Rating: HIGH
Systems Affected
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1 and Service Pack 2
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003 Service Pack 1
- Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition
Overview
Vulnerabilities have been reported in Microsoft COM+, in the Microsoft Distributed Transaction Coordinator (MSDTC), and in MSDTC's handling of the Transaction Internet Protocol (TIP). An attacker may exploit them to take complete control of an affected system.
Description
As per Microsoft:
The Microsoft Distributed Transaction Coordinator (MSDTC) is a distributed transaction facility for Microsoft Windows platforms. MSDTC uses proven transaction processing technology which provides a low-cost distributed transaction facility for users of networked, commodity-priced PCs and servers and supports a variety of resource managers, including relational databases, object-oriented databases, file systems, document storage systems, and message queues. COM+ is the next step in the evolution of the Microsoft Component Object Model and Microsoft Transaction Server (MTS). COM+ handles resource management tasks, such as thread allocation and security. MSDTC supports Transaction Internet Protocol (TIP). TIP transactions implicitly assume a two-pipe architecture. In this architecture, messages that describe the work flow on one pipe, the application-to-application pipe, and messages that control the transaction flow on another pipe, the transaction manager-to-transaction manager pipe. MS DTC selects TIP when an application program or resource manager explicitly uses the TIP COM interfaces.
The following vulnerabilities exist in COM+ and MSDTC:
1. An unchecked buffer in MSDTC can be exploited to execute arbitrary code or to gain escalated privileges. On Windows 2000 this is a remote code execution vulnerability. On Windows XP Service Pack 1 and Windows Server 2003 this is a local privilege elevation vulnerability. On Windows XP Service Pack 1, this also becomes a remote code execution vulnerability if the Microsoft Distributed Transaction Coordinator is started. An attacker could exploit this vulnerability by sending a maliciously crafted network message to the vulnerable system. On Windows 2000, any anonymous user who can deliver a specially crafted network message to the affected system could exploit this vulnerability.
2. A vulnerability exists in the process that COM+ uses to create and use memory structures. An attacker could exploit this flaw via a specially crafted network message, or by running a specially crafted application, to gain escalated privileges.
3. An error in MSDTC when validating Transaction Internet Protocol (TIP) requests can be exploited via a specially crafted network message to cause the service to stop responding, resulting in a denial of service.
4. A distributed DoS vulnerability also exists due to improper validation of TIP requests by MSDTC. Due to this flaw, a malicious TIP message can be transferred through the affected system to another, which causes the MSDTC on both systems to stop responding.
Solution
Apply the appropriate security update listed in Microsoft Security Bulletin MS05-051.
Vendor Information
Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS05-051.mspx
References
Secunia Advisory: SA17161
http://secunia.com/advisories/17161/
CVE Name
CAN-2005-1978
CAN-2005-1979
CAN-2005-1980
CAN-2005-2119
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-2436857
Postal address
Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics and Information Technology, Government of India, Electronics Niketan 6, CGO Complex, Lodhi Road, New Delhi - 110 003, India