10689 : Microsoft Windows NetDDE Remote Overflow
http://osvdb.org/10689

Views This Week: 9
Views All Time: 1725
Added to OSVDB: over 8 years ago
Last Modified: over 2 years ago
Modified (since 2008): 10 times
Percent Complete: 90%

Timeline

Disclosure Date
2004-10-12

Description

A remote overflow exists in Windows. The NetDDE service fails to validate input, resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution, resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public, Exploit Commercial

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation
  Windows
    NT Server 4.0 SP6
    NT Server Terminal Server Edition 4.0 SP6
    XP
    XP SP1
    XP 64-Bit SP1
    XP 64-Bit 2003
    2003 Server x64
  Windows Server 2003
    SP0
  Windows 2000
    SP3
    SP4

References

Tools & Filters

Snort

11736 11737 11738 11739 11740 11741 11742 11743 11744 11745 11746 11747 11748 11749 11750 11751 11752 11753 11754 11755 11756 11757 11758 11759 11760 11761 11762 11763 11764 11765 11766 11767 11768 11769 11770 11771 11772 11773 11774 11775 11776 11777 11778 11779 11780 11781 11782 11783 11784 11785 11786 11787 11788 11789 11790 11791 11792 11793 11794 11795 11796 11797 11798 11799 11800 11801 11802 11803 11804 11805 11806 11807 11808 11809 11810 11811 11812 11813 11814 11815 11816 ... and 34 more
15456 15572

ms04_031

Credit

  • John Heasman

CVSSv2 Score

CVSSv2 Base Score = 7.5
Source: nvd.nist.gov | Generated: 2003-12-31



© Copyright 2002 - 2013 Open Source Vulnerability Database (OSVDB), All Rights Reserved.