Description
The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.
Products
- Microsoft Internet Information Services (IIS) 5.0
- Microsoft SQL Server 2000
- Microsoft SQL Server 2000
- Microsoft SQL Server 2000 (Initial Release)
- Microsoft SQLServer 2000 Service Pack 1
- Microsoft SQLServer 2000 Service Pack 2
- Microsoft SQLServer 2000 Service Pack 3
- Microsoft SQLServer 2000 Service Pack 3a
- Microsoft SQL Server 2000 Service Pack 4
- Microsoft SQL Server 2000 Service Pack 4 Analysis Services
- Microsoft SQLServer 6.5
- Microsoft SQLServer 7.0
- Microsoft SQL Server 7.0
- Microsoft Microsoft SQLServer 7.0 (alpha)
- Microsoft SQL Server 7.0 Service Pack 1
- Microsoft SQL Server 7.0 Service Pack 1 Alpha
- Microsoft SQL Server 7.0 Service Pack 2
- Microsoft SQL Server 7.0 Service Pack 2 Alpha
- Microsoft SQL Server 7.0 Service Pack 3
- Microsoft SQLServer 7.0 Service Pack 3 (alpha)
- Microsoft SQL Server 7.0 Service Pack 4
- Microsoft Windows 2000
- Microsoft Windows 2000 Service Pack 1
- Microsoft Windows 2000 Service Pack 2
- Microsoft Windows 2000
- Microsoft Windows 2000 Japanese Server Edition
- Microsoft Windows 2000 Advanced Server Edition
- Microsoft Windows 2000 Datacenter Server Edition
- Microsoft Windows 2000 Professional Edition
- Microsoft Windows 2000 Server Edition
- Microsoft Windows 2000 Beta 3
- Microsoft windows 2000_gold
- Microsoft Windows 2000 Addvanced Server (Initial Release)
- Microsoft Windows 2000 Datacenter Server (Initial Release)
- Microsoft Windows 2000 Professional (Initial release)
- Microsoft Windows 2000 Server (Inital release)
- Microsoft windows 2000_rc1
- Microsoft windows 2000_rc2
- Microsoft windows 2000_sp1
- Microsoft Windows 2000 Service Pack 1 Advanced Server Edition
- Microsoft Windows 2000 Service Pack 1 Datacenter Server Edition
- Microsoft Windows 2000 Service Pack 1 Professional Edition
- Microsoft Windows 2000 Service Pack 1 Server Edition
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Server SP1
- Microsoft windows 2000_sp2
- Microsoft Windows 2000 Service Pack 2 Advanced Server Edition
- Microsoft Windows 2000 Service Pack 2 Datacenter Server Edition
- Microsoft Windows 2000 Service Pack 2 Professional Edition
- Microsoft Windows 2000 Service Pack 2 Server Edition
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Server SP2
- Microsoft windows 2000_sp3
- Microsoft Windows 2000 Service Pack 3 Advanced Server Edition
- Microsoft Windows 2000 Service Pack 3 Datacenter Server Edition
- Microsoft Windows 2000 Service Pack 3 Professional Edition
- Microsoft Windows 2000 Service Pack 3 Server Edition
- Microsoft Windows 2000 Advanced Server SP3
- Microsoft Windows 2000 Datacenter Server SP3
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Server SP3
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows 2000 Service Pack 4 Advanced Server Edition
- Microsoft Windows 2000 Service Pack 4 Datacenter Server Edition
- Microsoft Windows 2000 Service Pack 4 Professional Edition
- Microsoft Windows 2000 Service Pack 4 Server Edition
- Microsoft Windows 2000 Service Pack 4 French
- Microsoft Windows 2000 Advanced Server SP4
- Microsoft Windows 2000 Datacenter Server SP4
- Microsoft Windows 2000 Professional SP4
- Microsoft Windows 2000 Server SP4
- Microsoft windows 2000_beta3
Questions to Ask Vendors
- Can you confirm whether your systems are affected by CVE-2002-0224, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2002-0224 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions
- Check out the advisory links provided below.
References