Microsoft Windows NetDDE Remote Overflow

2004-10-12T16:03:57
ID OSVDB:10689
Type osvdb
Reporter John Heasman()
Modified 2004-10-12T16:03:57

Description

Vulnerability Description

A remote overflow exists in Windows. The NetDDE service fails to validate input resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Technical Description

Even if the system is configured so that "netdde" is not started by default, this service is opened during the automatic windows update procedure and may open a window of risk.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Short Description

A remote overflow exists in Windows. The NetDDE service fails to validate input resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Security Tracker: 1011634 Secunia Advisory ID:12803 Nessus Plugin ID:15572 Nessus Plugin ID:15456 Microsoft Security Bulletin: MS04-031 Microsoft Knowledge Base Article: 841533 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-10/0142.html Mail List Post: http://lists.immunitysec.com/pipermail/dailydave/2004-December/001320.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-02/0082.html ISS X-Force ID: 16556 Generic Exploit URL: http://beyonce.beyondsecurity.com/exploits/5FP030KEKS.html CVE-2004-0206