CERT VU#640488

Microsoft Windows contains an unchecked buffer in the NetDDE services

2004-10-13
www.kb.cert.org

CVSS2: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

EPSS: 0.222 (Percentile: 96.5%)

Overview

A vulnerability in the Network Dynamic Data Exchange service for Microsoft Windows could allow an attacker to compromise the affected system.

Description

Microsoft’s Network Dynamic Data Exchange (NetDDE) is a communication protocol that allows two Windows applications to communicate with each other over a network. A buffer management flaw exists in the way that this service handles certain malformed messages. This flaw results in a vulnerability that could allow an attacker to compromise the system. According to Microsoft security bulletin MS04-031:

A remote code execution vulnerability exists in the NetDDE services because of an unchecked buffer. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, the NetDDE services are not started by default and would have to be manually started for an attacker to attempt to remotely exploit this vulnerability.

This bulletin also states:

There are cases when Microsoft Excel could also use NetDDE. Microsoft Knowledge Base Article 128941 discusses how Microsoft Excel can use NetDDE.


Impact

A remote unauthenticated attacker may be able to execute arbitrary code with administrative privileges on the affected system. Microsoft reports that this vulnerability could also be used to attempt to perform a local elevation of privilege or remote denial of service.


Solution

Apply a patch from the vendor

Microsoft has published Microsoft Security Bulletin MS04-031 in response to this issue. Users are strongly encouraged to review this bulletin and apply the patches it refers to.


Workarounds

In addition to the patches referenced above, Microsoft has published workarounds for this issue. Users who are unable to apply the patches are strongly encouraged to implement these workarounds as appropriate. Microsoft states explicitly:

Third-party applications may also require the NetDDE services; therefore it is important to test the suggested workarounds in your organization before you deploy this update.
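
The MS04-031 passage quoted in the Description says the NetDDE services must be started before remote exploitation can be attempted. The PowerShell check of that precondition below is an added example, not code from CERT or Microsoft; the service short names `NetDDE` and `NetDDEdsdm` and the function name `Get-NetDdeServiceState` are assumptions that do not appear on this page.

```powershell
# Added example: report whether the NetDDE services are installed, started, or startable.
# Assumption: these service short names are not given in the advisory text.
$NetDdeServiceNames = 'NetDDE', 'NetDDEdsdm'

function Get-NetDdeServiceState {
    [CmdletBinding()]
    param(
        [string[]]$ServiceName = $NetDdeServiceNames
    )

    foreach ($name in $ServiceName) {
        # Win32_Service exposes both the current state and the configured start mode.
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'" `
                               -ErrorAction SilentlyContinue

        if (-not $svc) {
            # The service is not present on this Windows version or installation.
            [pscustomobject]@{
                Service   = $name
                State     = $null
                StartMode = $null
                Finding   = 'Not installed'
            }
            continue
        }

        $finding = if ($svc.State -eq 'Running') {
            'Started: the precondition quoted from MS04-031 is met'
        } elseif ($svc.StartMode -ne 'Disabled') {
            'Stopped, but can still be started manually or automatically'
        } else {
            'Stopped and disabled'
        }

        [pscustomobject]@{
            Service   = $svc.Name
            State     = $svc.State
            StartMode = $svc.StartMode
            Finding   = $finding
        }
    }
}

Get-NetDdeServiceState | Format-Table -AutoSize
```

A host that reports a service as started or startable still needs the MS04-031 patch; the check only shows where the stated precondition currently holds.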


Vendor Information


Microsoft Corporation

Status: Affected
Updated: October 13, 2004

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Microsoft has published Microsoft Security Bulletin MS04-031 in response to this issue. Users are strongly encouraged to review this bulletin and apply the patches it refers to.



Acknowledgements

Thanks to John Heasman of Next Generation Security Software Ltd for reporting this vulnerability.

This document was written by Chad R Dougherty based on information provided by Microsoft.

Other Information

CVE IDs: CVE-2004-0206
Severity Metric: 16.88
Date Public:
