ID CVE-2004-0206
Summary Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 12-10-2018 - 21:34)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
assigner via4 cve@mitre.org
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2008-03-24T04:00:19.747-04:00
    class vulnerability
    contributors
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    definition_extensions
    comment Microsoft Windows NT is installed
    oval oval:org.mitre.oval:def:36
    description Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
    family windows
    id oval:org.mitre.oval:def:1852
    status accepted
    submitted 2004-10-13T04:09:00.000-04:00
    title Windows NT Terminal Server Unchecked Buffer in NetDDE
    version 69
  • accepted 2008-03-24T04:00:25.386-04:00
    class vulnerability
    contributors
    • name Jonathan Baker
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    definition_extensions
    comment Microsoft Windows NT is installed
    oval oval:org.mitre.oval:def:36
    description Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
    family windows
    id oval:org.mitre.oval:def:2394
    status accepted
    submitted 2004-10-13T04:09:00.000-04:00
    title Windows NT Unchecked Buffer in NetDDE
    version 70
  • accepted 2011-05-16T04:02:42.779-04:00
    class vulnerability
    contributors
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Nelson Bunker
      organization Critical Watch
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
    family windows
    id oval:org.mitre.oval:def:3120
    status accepted
    submitted 2004-10-13T04:17:00.000-04:00
    title Windows 2000 Unchecked Buffer in NetDDE (Test 1)
    version 71
  • accepted 2011-05-16T04:02:43.633-04:00
    class vulnerability
    contributors
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
    family windows
    id oval:org.mitre.oval:def:3242
    status accepted
    submitted 2004-10-15T08:03:00.000-04:00
    title Windows XP (64-Bit) Unchecked Buffer in NetDDE
    version 45
  • accepted 2007-11-13T12:01:15.950-05:00
    class vulnerability
    contributors
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jeff Cheng
      organization Opsware, Inc.
    description Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
    family windows
    id oval:org.mitre.oval:def:4592
    status accepted
    submitted 2004-10-14T04:38:00.000-04:00
    title Windows Server 2003 (32-Bit) Unchecked Buffer in NetDDE
    version 27
  • accepted 2011-05-16T04:03:08.606-04:00
    class vulnerability
    contributors
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
    family windows
    id oval:org.mitre.oval:def:5074
    status accepted
    submitted 2004-10-14T05:10:00.000-04:00
    title Windows XP (32-Bit) Unchecked Buffer in NetDDE
    version 33
  • accepted 2009-12-21T04:01:18.394-05:00
    class vulnerability
    contributors
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    description Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
    family windows
    id oval:org.mitre.oval:def:6788
    status accepted
    submitted 2004-10-14T04:23:00.000-04:00
    title Windows Server 2003 (64-Bit) Unchecked Buffer in NetDDE
    version 40
refmap via4
bid 11372
bugtraq 20041013 Microsoft Windows NetDDE Service Buffer Overflow
cert-vn VU#640488
ms MS04-031
secunia 12803
xf
  • win-ms04031-patch(17657)
  • win-netdde-bo(16556)
saint via4
bid 11372
description Windows NetDDE buffer overflow
id win_patch_netdde
osvdb 10689
title netdde_bo
type remote
vulnerable_product via4
  • cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*
Last major update 12-10-2018 - 21:34
Published 03-11-2004 - 05:00
Back to Top