10689 : Microsoft Windows NetDDE Remote Overflow
http://osvdb.org/10689

Info

Last Modified: 7 months ago
Percent Complete: 100%

Dates

Disclosure: Oct 12, 2004
Discovery: Unknown
Exploit: Jan 02, 2005
Solution: Unknown

Description

A remote overflow exists in Windows. The NetDDE service fails to validate input, resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution, resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Technical

Even if the system is configured so that "netdde" is not started by default, the service is opened during the automatic Windows Update procedure, which may open a window of risk.

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation
Windows
NT Server 4.0 SP6
NT Server Terminal Server Edition 4.0 SP6
2000 SP3
2000 SP4
XP
XP SP1
XP 64-Bit SP1
XP 64-Bit 2003
2003 Server x64
2003 Server

References

Tools & Filters

Snort

11736 11737 11738 11739 11740 11741 11742 11743 11744 11745 11746 11747 11748 11749 11750 11751 11752 11753 11754 11755 11756 11757 11758 11759 11760 11761 11762 11763 11764 11765 11766 11767 11768 11769 11770 11771 11772 11773 11774 11775 11776 11777 11778 11779 11780 11781 11782 11783 11784 11785 11786 11787 11788 11789 11790 11791 11792 11793 11794 11795 11796 11797 11798 11799 11800 11801 11802 11803 11804 11805 11806 11807 11808 11809 11810 11811 11812 11813 11814 11815 11816 ... and 34 more

Nessus

15456 15572

Credit

  • John Heasman

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

© Copyright 2008 Open Source Vulnerability Database (OSVDB), All Rights Reserved.