MS-RPC: NetDDE Long Share Name Buffer Overflow
This signature detects attempts to exploit a known vulnerability against the share name resource in Windows Network Dynamic Data Exchange connections. All Microsoft Windows platforms that support NetDDE are vulnerable. Attackers can send a crafted NetDDE request to overflow a buffer in the Windows DDE service and execute arbitrary code.
Extended Description
Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
Affected Products
Microsoft windows_98
References
BugTraq: 11372
CVE: CVE-2004-0206
URL: http://www.microsoft.com/technet/security/bulletin/MS04-031.mspx http://www.kb.cert.org/vuls/id/640488
Short Name
MS-RPC:OF:NETDDE-SHARE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
MS-RPC
Keywords
Buffer CVE-2004-0206 Long Name NetDDE Overflow Share bid:11372
Release Date
01/11/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3761
Port
TCP/135,137,138,139,445,593,1025-1050
False Positive
Unknown
Vendors
Microsoft
CVSS Score
7.5