CVE-2004-0206 - Remote Buffer Overflow vulnerability in Microsoft Windows NetDDE
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allow attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 5 |
Exploit-Db
description | Microsoft NetDDE Service Overflow. CVE-2004-0206. Remote exploit for windows platform |
id | EDB-ID:16371 |
last seen | 2016-02-01 |
modified | 2010-07-03 |
published | 2010-07-03 |
reporter | metasploit |
source | https://www.exploit-db.com/download/16371/ |
title | Microsoft NetDDE Service Overflow |

description | MS Windows NetDDE Remote Buffer Overflow Exploit (MS04-031). CVE-2004-0206. Remote exploit for windows platform |
id | EDB-ID:734 |
last seen | 2016-01-31 |
modified | 2004-12-31 |
published | 2004-12-31 |
reporter | houseofdabus |
source | https://www.exploit-db.com/download/734/ |
title | Microsoft Windows NetDDE Remote Buffer Overflow Exploit MS04-031 |
Metasploit
description | This module exploits a stack buffer overflow in the NetDDE service, which is the precursor to the DCOM interface. This exploit affects only operating systems released prior to Windows XP SP1 (2000 SP4, XP SP0). Despite Microsoft's claim that this vulnerability can be exploited without authentication, the NDDEAPI pipe is only accessible after successful authentication. |
id | MSF:EXPLOIT/WINDOWS/SMB/MS04_031_NETDDE |
last seen | 2020-05-23 |
modified | 2017-07-24 |
published | 2006-01-16 |
references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0206 |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/smb/ms04_031_netdde.rb |
title | MS04-031 Microsoft NetDDE Service Overflow |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS04-031.NASL |
description | The remote version of Windows is affected by a vulnerability in Network Dynamic Data Exchange (NetDDE). To exploit this flaw, NetDDE would have to be running and an attacker with a specific knowledge of the vulnerability would need to send a malformed NetDDE message to the remote host to overrun a given buffer. A public exploit is available to exploit this vulnerability. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 15456 |
published | 2004-10-12 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/15456 |
title | MS04-031: Vulnerability in NetDDE Could Allow Code Execution (841533) |

NASL family | Windows |
NASL id | NETDDE.NASL |
description | The remote version of Windows is affected by a vulnerability in Network Dynamic Data Exchange (NetDDE). An attacker may exploit this flaw to execute arbitrary code on the remote host with the SYSTEM privileges. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 15572 |
published | 2004-10-27 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/15572 |
title | MS04-031: Vulnerability NetDDE Could Allow Code Execution (841533) (uncredentialed check) |
Oval
accepted | 2008-03-24T04:00:19.747-04:00 |
class | vulnerability |
contributors | Jonathan Baker (The MITRE Corporation); Jeff Cheng (Opsware, Inc.); Jonathan Baker (The MITRE Corporation) |
definition_extensions | comment: Microsoft Windows NT is installed; oval: oval:org.mitre.oval:def:36 |
description | Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allow attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow. |
family | windows |
id | oval:org.mitre.oval:def:1852 |
status | accepted |
submitted | 2004-10-13T04:09:00.000-04:00 |
title | Windows NT Terminal Server Unchecked Buffer in NetDDE |
version | 72 |

accepted | 2008-03-24T04:00:25.386-04:00 |
class | vulnerability |
contributors | Jonathan Baker (The MITRE Corporation); John Hoyland (Centennial Software); Jeff Cheng (Opsware, Inc.); Jonathan Baker (The MITRE Corporation) |
definition_extensions | comment: Microsoft Windows NT is installed; oval: oval:org.mitre.oval:def:36 |
description | Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allow attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow. |
family | windows |
id | oval:org.mitre.oval:def:2394 |
status | accepted |
submitted | 2004-10-13T04:09:00.000-04:00 |
title | Windows NT Unchecked Buffer in NetDDE |
version | 73 |

accepted | 2011-05-16T04:02:42.779-04:00 |
class | vulnerability |
contributors | Jonathan Baker (The MITRE Corporation); Jeff Cheng (Opsware, Inc.); Nelson Bunker (Critical Watch); Shane Shaffer (G2, Inc.); Sudhir Gandhe (Telos); Shane Shaffer (G2, Inc.) |
description | Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allow attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow. |
family | windows |
id | oval:org.mitre.oval:def:3120 |
status | accepted |
submitted | 2004-10-13T04:17:00.000-04:00 |
title | Windows 2000 Unchecked Buffer in NetDDE (Test 1) |
version | 72 |

accepted | 2011-05-16T04:02:43.633-04:00 |
class | vulnerability |
contributors | Jonathan Baker (The MITRE Corporation); Jeff Cheng (Opsware, Inc.); Dragos Prisaca (Gideon Technologies, Inc.); Shane Shaffer (G2, Inc.); Sudhir Gandhe (Telos); Shane Shaffer (G2, Inc.) |
description | Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allow attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow. |
family | windows |
id | oval:org.mitre.oval:def:3242 |
status | accepted |
submitted | 2004-10-15T08:03:00.000-04:00 |
title | Windows XP (64-Bit) Unchecked Buffer in NetDDE |
version | 46 |

accepted | 2007-11-13T12:01:15.950-05:00 |
class | vulnerability |
contributors | Jonathan Baker (The MITRE Corporation); Jeff Cheng (Opsware, Inc.) |
description | Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allow attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow. |
family | windows |
id | oval:org.mitre.oval:def:4592 |
status | accepted |
submitted | 2004-10-14T04:38:00.000-04:00 |
title | Windows Server 2003 (32-Bit) Unchecked Buffer in NetDDE |
version | 28 |

accepted | 2011-05-16T04:03:08.606-04:00 |
class | vulnerability |
contributors | Jonathan Baker (The MITRE Corporation); Jeff Cheng (Opsware, Inc.); Shane Shaffer (G2, Inc.); Sudhir Gandhe (Telos); Shane Shaffer (G2, Inc.) |
description | Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allow attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow. |
family | windows |
id | oval:org.mitre.oval:def:5074 |
status | accepted |
submitted | 2004-10-14T05:10:00.000-04:00 |
title | Windows XP (32-Bit) Unchecked Buffer in NetDDE |
version | 34 |

accepted | 2009-12-21T04:01:18.394-05:00 |
class | vulnerability |
contributors | Jonathan Baker (The MITRE Corporation); Jeff Cheng (Opsware, Inc.); Dragos Prisaca (Gideon Technologies, Inc.) |
description | Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allow attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow. |
family | windows |
id | oval:org.mitre.oval:def:6788 |
status | accepted |
submitted | 2004-10-14T04:23:00.000-04:00 |
title | Windows Server 2003 (64-Bit) Unchecked Buffer in NetDDE |
version | 41 |
Packetstorm
data source | https://packetstormsecurity.com/files/download/83028/ms04_031_netdde.rb.txt |
id | PACKETSTORM:83028 |
last seen | 2016-12-05 |
published | 2009-11-26 |
reporter | Pusscat |
source | https://packetstormsecurity.com/files/83028/Microsoft-NetDDE-Service-Overflow.html |
title | Microsoft NetDDE Service Overflow |
Saint
bid | 11372 |
description | Windows NetDDE buffer overflow |
id | win_patch_netdde |
osvdb | 10689 |
title | netdde_bo |
type | remote |
References
- http://marc.info/?l=bugtraq&m=109786703930674&w=2
- http://secunia.com/advisories/12803/
- http://www.kb.cert.org/vuls/id/640488
- http://www.securityfocus.com/bid/11372
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-031
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16556
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17657
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1852
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2394
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3120
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3242
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4592
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5074
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6788