Windows NetDDE buffer overflow

Added: 02/24/2006
CVE: CVE-2004-0206
BID: 11372
OSVDB: 10689

Background

Network Dynamic Data Exchange (NetDDE) is a Windows service which allows two applications to communicate with each other over a network.

Problem

A buffer overflow in the NetDDE service could allow a remote, anonymous attacker to execute arbitrary commands by sending a specially crafted NetDDE message to the vulnerable system.

Resolution

Disable the NetDDE service or install the patch referenced in Microsoft Security Bulletin 04-031.

References

http://www.microsoft.com/technet/security/Bulletin/MS04-031.mspx

Platforms

Windows

Back to exploit index