Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.SMB_NT_MS04-031.NASL
HistoryOct 12, 2004 - 12:00 a.m.

MS04-031: Vulnerability in NetDDE Could Allow Code Execution (841533)

2004-10-1200:00:00
This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
www.tenable.com
34

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.222

Percentile

96.5%

JSON

The remote version of Windows is affected by a vulnerability in Network Dynamic Data Exchange (NetDDE).

To exploit this flaw, NetDDE would have to be running and an attacker with a specific knowledge of the vulnerability would need to send a malformed NetDDE message to the remote host to overrun a given buffer.

A public exploit is available to exploit this vulnerability.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(15456);
 script_version("1.35");
 script_cvs_date("Date: 2018/11/15 20:50:29");

 script_cve_id("CVE-2004-0206");
 script_bugtraq_id(11372);
 script_xref(name:"MSFT", value:"MS04-031");
 script_xref(name:"MSKB", value:"841533");

 script_name(english:"MS04-031: Vulnerability in NetDDE Could Allow Code Execution (841533)");
 script_summary(english:"Determines if hotfix 841533 has been installed");

 script_set_attribute(attribute:"synopsis", value:
"Arbitrary code can be executed on the remote host through the NetDDE
service.");
 script_set_attribute(attribute:"description", value:
"The remote version of Windows is affected by a vulnerability in Network
Dynamic Data Exchange (NetDDE).

To exploit this flaw, NetDDE would have to be running and an attacker
with a specific knowledge of the vulnerability would need to send a
malformed NetDDE message to the remote host to overrun a given buffer.

A public exploit is available to exploit this vulnerability.");
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2004/ms04-031");
 script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows NT, 2000, XP and
2003.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'MS04-031 Microsoft NetDDE Service Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
 script_set_attribute(attribute:"canvas_package", value:'CANVAS');

 script_set_attribute(attribute:"vuln_publication_date", value:"2004/10/12");
 script_set_attribute(attribute:"patch_publication_date", value:"2004/10/12");
 script_set_attribute(attribute:"plugin_publication_date", value:"2004/10/12");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows : Microsoft Bulletins");

 script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
 script_require_keys("SMB/MS_Bulletin_Checks/Possible");
 script_require_ports(139, 445, 'Host/patch_management_checks');
 exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS04-031';
kb = '841533';

kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(nt:'6', win2k:'3,4', xp:'0,1', win2003:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  hotfix_is_vulnerable(os:"5.2", sp:0, file:"Netdde.exe", version:"5.2.3790.184", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:1, file:"Netdde.exe", version:"5.1.2600.1567", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:0, file:"Netdde.exe", version:"5.1.2600.158", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.0", file:"Netdde.exe", version:"5.0.2195.6952", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"4.0", file:"Netdde.exe", version:"4.0.1381.7280", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows

Related

saint 4
canvas 1
cvelist 1
cert 1
nessus 1
nvd 1
securityvulns 1
packetstorm 1
metasploit 1
cve 1
exploitdb 1
saint
saint
Windows NetDDE buffer overflow
2006-02-24 00:00:00
Windows NetDDE buffer overflow
2006-02-24 00:00:00
Windows NetDDE buffer overflow
2006-02-24 00:00:00
canvas
canvas
Immunity Canvas: MS04_031
2004-11-03 05:00:00
cvelist
cvelist
CVE-2004-0206
2004-10-16 04:00:00
cert
cert
Microsoft Windows contains an unchecked buffer in the NetDDE services
2004-10-13 00:00:00
nessus
nessus
MS04-031: Vulnerability NetDDE Could Allow Code Execution (841533) (uncredentialed check)
2004-10-27 00:00:00
nvd
nvd
CVE-2004-0206
2004-11-03 05:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS04-031
2004-10-13 00:00:00
packetstorm
packetstorm
Microsoft NetDDE Service Overflow
2009-11-26 00:00:00
metasploit
metasploit
MS04-031 Microsoft NetDDE Service Overflow
2006-01-21 22:10:20
cve
cve
CVE-2004-0206
2004-11-03 05:00:00
exploitdb
exploitdb
Microsoft NetDDE Service - Remote Overflow (MS04-031) (Metasploit)
2010-07-03 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.222

Percentile

96.5%

JSON
Related for SMB_NT_MS04-031.NASL
saint4canvas1cvelist1cert1nessus1nvd1securityvulns1packetstorm1metasploit1cve1exploitdb1