1. CVE-Search
  2. CVE-2004-0206
ID CVE-2004-0206
Summary Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 12-10-2018 - 21:34)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2008-03-24T04:00:19.747-04:00
    class vulnerability
    contributors
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    definition_extensions
    comment Microsoft Windows NT is installed
    oval oval:org.mitre.oval:def:36
    description Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
    family windows
    id oval:org.mitre.oval:def:1852
    status accepted
    submitted 2004-10-13T04:09:00.000-04:00
    title Windows NT Terminal Server Unchecked Buffer in NetDDE
    version 75
  • accepted 2008-03-24T04:00:25.386-04:00
    class vulnerability
    contributors
    • name Jonathan Baker
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    definition_extensions
    comment Microsoft Windows NT is installed
    oval oval:org.mitre.oval:def:36
    description Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
    family windows
    id oval:org.mitre.oval:def:2394
    status accepted
    submitted 2004-10-13T04:09:00.000-04:00
    title Windows NT Unchecked Buffer in NetDDE
    version 76
  • accepted 2011-05-16T04:02:42.779-04:00
    class vulnerability
    contributors
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Nelson Bunker
      organization Critical Watch
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
    family windows
    id oval:org.mitre.oval:def:3120
    status accepted
    submitted 2004-10-13T04:17:00.000-04:00
    title Windows 2000 Unchecked Buffer in NetDDE (Test 1)
    version 72
  • accepted 2011-05-16T04:02:43.633-04:00
    class vulnerability
    contributors
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
    family windows
    id oval:org.mitre.oval:def:3242
    status accepted
    submitted 2004-10-15T08:03:00.000-04:00
    title Windows XP (64-Bit) Unchecked Buffer in NetDDE
    version 46
  • accepted 2007-11-13T12:01:15.950-05:00
    class vulnerability
    contributors
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jeff Cheng
      organization Opsware, Inc.
    description Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
    family windows
    id oval:org.mitre.oval:def:4592
    status accepted
    submitted 2004-10-14T04:38:00.000-04:00
    title Windows Server 2003 (32-Bit) Unchecked Buffer in NetDDE
    version 28
  • accepted 2011-05-16T04:03:08.606-04:00
    class vulnerability
    contributors
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
    family windows
    id oval:org.mitre.oval:def:5074
    status accepted
    submitted 2004-10-14T05:10:00.000-04:00
    title Windows XP (32-Bit) Unchecked Buffer in NetDDE
    version 34
  • accepted 2009-12-21T04:01:18.394-05:00
    class vulnerability
    contributors
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    description Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
    family windows
    id oval:org.mitre.oval:def:6788
    status accepted
    submitted 2004-10-14T04:23:00.000-04:00
    title Windows Server 2003 (64-Bit) Unchecked Buffer in NetDDE
    version 41
refmap via4
bid 11372
bugtraq 20041013 Microsoft Windows NetDDE Service Buffer Overflow
cert-vn VU#640488
secunia 12803
xf
  • win-ms04031-patch(17657)
  • win-netdde-bo(16556)
saint via4
bid 11372
description Windows NetDDE buffer overflow
id win_patch_netdde
osvdb 10689
title netdde_bo
type remote
Last major update 12-10-2018 - 21:34
Published 03-11-2004 - 05:00
Last modified 12-10-2018 - 21:34
Back to Top