Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0206

42 documents7 sources
Severity
7.5HIGH
EPSS
80.4%
top 0.87%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft Windows 2003 ServerMicrosoft Windows NT
Timeline
PublishedNov 3
Latest updateApr 29

Description

Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

Patches

Patch: www.kb.cert.orgPatch: www.kb.cert.org

🔴Vulnerability Details

2
GHSA
GHSA-633f-4wqf-793j: Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 42022-04-29
CVEList
CVE-2004-0206: Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 42004-10-16

💥Exploits & PoCs

2
Exploit-DB
Microsoft NetDDE Service - Remote Overflow (MS04-031) (Metasploit)2010-07-03
Exploit-DB
Microsoft Windows - NetDDE Remote Buffer Overflow (MS04-031)2004-12-31

🔍Detection Rules

32
Suricata
GPL NETBIOS SMB-DS nddeapi unicode bind attempt2010-09-23
Suricata
GPL NETBIOS SMB-DS nddeapi unicode andx bind attempt2010-09-23
Suricata
GPL NETBIOS SMB-DS NDdeSetTrustedShareW little endian overflow attempt2010-09-23
Suricata
GPL NETBIOS SMB-DS NDdeSetTrustedShareW unicode overflow attempt2010-09-23
Suricata
GPL NETBIOS SMB-DS nddeapi andx create tree attempt2010-09-23

📋Vendor Advisories

2
Red Hat
cups: incomplete fix for CVE-2004-0888 / CVE-2005-02062008-04-01
Red Hat
security flaw2004-10-20

💬Community

3
Bugzilla
CVE-2005-0206 security flaw2018-08-16
Bugzilla
CVE-2008-1374 cups: incomplete fix for CVE-2004-0888 / CVE-2005-02062008-03-20
Bugzilla
CAN-2004-0888 xpdf issues affect cups (CAN-2005-0206)2005-02-08