Microsoft Windows NetDDE MS04-031 patch is not installed
| win-ms04031-patch (17657) |  High Risk |
Description:
The patch specified in Microsoft Security Bulletin MS04-031 is not installed, which could allow a remote attacker to execute arbitrary code on the system.
Microsoft Windows NT 4.0 SP6a, Windows NT 4.0 TSE SP6, Windows 2000 SP3, Windows 2000 SP4, Windows XP, Windows XP SP1, Windows XP version 2003, Windows Server 2003, Windows 98, Windows 98 SE, and Windows Me could allow an attacker to execute arbitrary code on the system, caused by a buffer overflow in the Network Dynamic Data Exchange (NetDDE) services. The NetDDE services allow communication between applications over a network. A remote attacker could exploit this vulnerability by sending a long message to an affected system to overflow a buffer and gain complete control of the system or cause a denial of service. A local attacker could exploit this vulnerability by creating a specially-crafted application, which would allow the attacker to gain elevated privileges on a system.
NetDDE services are not started by default. The services must be manually started or started by an application that requires NetDDE for a system to be exploited.
Consequences:
Gain Access
Remedy:
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS04-031. See References.
References:
- BugTraq Mailing List, Wed Oct 13 2004 - 09:35:35 CDT: Microsoft Windows NetDDE Service Buffer Overflow.
- IBM Internet Security Systems X-Force Database: Microsoft Internet Information Server (IIS) MS04-021 patch is not installed.
- Microsoft Security Bulletin MS04-031: Vulnerability in NetDDE Could Allow Remote Code Execution (841533).
- NGSSoftware Insight Security Research Advisory #NISR21012005: Microsoft NetDDE Service Unauthenticated Remote Buffer Overflow.
- BID-11372: Microsoft Windows NetDDE Remote Buffer Overflow Vulnerability
- CVE-2004-0206: Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an unchecked buffer
Platforms Affected:
- Microsoft Windows 2000 SP3
- Microsoft Windows 2000 SP4
- Microsoft Windows 2003 Server x64
- Microsoft Windows 2003 Server
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows Me
- Microsoft Windows NT 4.0 SP6a Server
- Microsoft Windows NT 4.0 SP6 Terminal Server
- Microsoft Windows XP 2003 x64
- Microsoft Windows XP
- Microsoft Windows XP SP1
- Microsoft Windows XP SP1 x64
Reported:
Oct 08, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net