CVE-2004-0206 - Remote Buffer Overflow vulnerability in Microsoft Windows NetDDE

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, low complexity, microsoft, nessus, exploit available, metasploit

Summary

Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allow attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.

Exploit-Db

  • description: Microsoft NetDDE Service Overflow. CVE-2004-0206. Remote exploit for windows platform
    id: EDB-ID:16371
    last seen: 2016-02-01
    modified: 2010-07-03
    published: 2010-07-03
    reporter: metasploit
    source: https://www.exploit-db.com/download/16371/
    title: Microsoft NetDDE Service Overflow
  • description: MS Windows NetDDE Remote Buffer Overflow Exploit (MS04-031). CVE-2004-0206. Remote exploit for windows platform
    id: EDB-ID:734
    last seen: 2016-01-31
    modified: 2004-12-31
    published: 2004-12-31
    reporter: houseofdabus
    source: https://www.exploit-db.com/download/734/
    title: Microsoft Windows NetDDE Remote Buffer Overflow Exploit MS04-031

Metasploit

description: This module exploits a stack buffer overflow in the NetDDE service, which is the precursor to the DCOM interface. This exploit affects only operating systems released prior to Windows XP SP1 (2000 SP4, XP SP0). Despite Microsoft's claim that this vulnerability can be exploited without authentication, the NDDEAPI pipe is only accessible after successful authentication.
id: MSF:EXPLOIT/WINDOWS/SMB/MS04_031_NETDDE
last seen: 2020-05-23
modified: 2017-07-24
published: 2006-01-16
references: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0206
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/smb/ms04_031_netdde.rb
title: MS04-031 Microsoft NetDDE Service Overflow

Nessus

  • NASL family: Windows : Microsoft Bulletins
    NASL id: SMB_NT_MS04-031.NASL
    description: The remote version of Windows is affected by a vulnerability in Network Dynamic Data Exchange (NetDDE). To exploit this flaw, NetDDE would have to be running and an attacker with a specific knowledge of the vulnerability would need to send a malformed NetDDE message to the remote host to overrun a given buffer. A public exploit is available to exploit this vulnerability.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15456
    published: 2004-10-12
    reporter: This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15456
    title: MS04-031: Vulnerability in NetDDE Could Allow Code Execution (841533)
  • NASL family: Windows
    NASL id: NETDDE.NASL
    description: The remote version of Windows is affected by a vulnerability in Network Dynamic Data Exchange (NetDDE). An attacker may exploit this flaw to execute arbitrary code on the remote host with the SYSTEM privileges.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15572
    published: 2004-10-27
    reporter: This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15572
    title: MS04-031: Vulnerability NetDDE Could Allow Code Execution (841533) (uncredentialed check)

Oval

  • accepted: 2008-03-24T04:00:19.747-04:00
    class: vulnerability
    contributors:
    • name: Jonathan Baker
      organization: The MITRE Corporation
    • name: Jeff Cheng
      organization: Opsware, Inc.
    • name: Jonathan Baker
      organization: The MITRE Corporation
    definition_extensions:
    comment: Microsoft Windows NT is installed
    oval: oval:org.mitre.oval:def:36
    description: Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allow attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
    family: windows
    id: oval:org.mitre.oval:def:1852
    status: accepted
    submitted: 2004-10-13T04:09:00.000-04:00
    title: Windows NT Terminal Server Unchecked Buffer in NetDDE
    version: 72
  • accepted: 2008-03-24T04:00:25.386-04:00
    class: vulnerability
    contributors:
    • name: Jonathan Baker
      organization: The MITRE Corporation
    • name: John Hoyland
      organization: Centennial Software
    • name: Jeff Cheng
      organization: Opsware, Inc.
    • name: Jonathan Baker
      organization: The MITRE Corporation
    definition_extensions:
    comment: Microsoft Windows NT is installed
    oval: oval:org.mitre.oval:def:36
    description: Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allow attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
    family: windows
    id: oval:org.mitre.oval:def:2394
    status: accepted
    submitted: 2004-10-13T04:09:00.000-04:00
    title: Windows NT Unchecked Buffer in NetDDE
    version: 73
  • accepted: 2011-05-16T04:02:42.779-04:00
    class: vulnerability
    contributors:
    • name: Jonathan Baker
      organization: The MITRE Corporation
    • name: Jeff Cheng
      organization: Opsware, Inc.
    • name: Nelson Bunker
      organization: Critical Watch
    • name: Shane Shaffer
      organization: G2, Inc.
    • name: Sudhir Gandhe
      organization: Telos
    • name: Shane Shaffer
      organization: G2, Inc.
    description: Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allow attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
    family: windows
    id: oval:org.mitre.oval:def:3120
    status: accepted
    submitted: 2004-10-13T04:17:00.000-04:00
    title: Windows 2000 Unchecked Buffer in NetDDE (Test 1)
    version: 72
  • accepted: 2011-05-16T04:02:43.633-04:00
    class: vulnerability
    contributors:
    • name: Jonathan Baker
      organization: The MITRE Corporation
    • name: Jeff Cheng
      organization: Opsware, Inc.
    • name: Dragos Prisaca
      organization: Gideon Technologies, Inc.
    • name: Shane Shaffer
      organization: G2, Inc.
    • name: Sudhir Gandhe
      organization: Telos
    • name: Shane Shaffer
      organization: G2, Inc.
    description: Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allow attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
    family: windows
    id: oval:org.mitre.oval:def:3242
    status: accepted
    submitted: 2004-10-15T08:03:00.000-04:00
    title: Windows XP (64-Bit) Unchecked Buffer in NetDDE
    version: 46
  • accepted: 2007-11-13T12:01:15.950-05:00
    class: vulnerability
    contributors:
    • name: Jonathan Baker
      organization: The MITRE Corporation
    • name: Jeff Cheng
      organization: Opsware, Inc.
    description: Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allow attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
    family: windows
    id: oval:org.mitre.oval:def:4592
    status: accepted
    submitted: 2004-10-14T04:38:00.000-04:00
    title: Windows Server 2003 (32-Bit) Unchecked Buffer in NetDDE
    version: 28
  • accepted: 2011-05-16T04:03:08.606-04:00
    class: vulnerability
    contributors:
    • name: Jonathan Baker
      organization: The MITRE Corporation
    • name: Jeff Cheng
      organization: Opsware, Inc.
    • name: Shane Shaffer
      organization: G2, Inc.
    • name: Sudhir Gandhe
      organization: Telos
    • name: Shane Shaffer
      organization: G2, Inc.
    description: Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allow attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
    family: windows
    id: oval:org.mitre.oval:def:5074
    status: accepted
    submitted: 2004-10-14T05:10:00.000-04:00
    title: Windows XP (32-Bit) Unchecked Buffer in NetDDE
    version: 34
  • accepted: 2009-12-21T04:01:18.394-05:00
    class: vulnerability
    contributors:
    • name: Jonathan Baker
      organization: The MITRE Corporation
    • name: Jeff Cheng
      organization: Opsware, Inc.
    • name: Dragos Prisaca
      organization: Gideon Technologies, Inc.
    description: Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allow attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
    family: windows
    id: oval:org.mitre.oval:def:6788
    status: accepted
    submitted: 2004-10-14T04:23:00.000-04:00
    title: Windows Server 2003 (64-Bit) Unchecked Buffer in NetDDE
    version: 41

Packetstorm

data source: https://packetstormsecurity.com/files/download/83028/ms04_031_netdde.rb.txt
id: PACKETSTORM:83028
last seen: 2016-12-05
published: 2009-11-26
reporter: Pusscat
source: https://packetstormsecurity.com/files/83028/Microsoft-NetDDE-Service-Overflow.html
title: Microsoft NetDDE Service Overflow

Saint

bid: 11372
description: Windows NetDDE buffer overflow
id: win_patch_netdde
osvdb: 10689
title: netdde_bo
type: remote