CVE-2004-0206

EPSS 77.0%

Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.

Affected products

n/a · n/a

public PoCs found — 2

exploitdbwww.exploit-db.com/exploits/16371unverified exploitdbwww.exploit-db.com/exploits/734unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://marc.info/?l=bugtraq&m=109786703930674&w=2 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-031 http://secunia.com/advisories/12803/https://exchange.xforce.ibmcloud.com/vulnerabilities/16556 https://exchange.xforce.ibmcloud.com/vulnerabilities/17657 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1852 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2394 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3120 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3242 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4592 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5074 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6788