CVE-2004-0206
Published: 2004-11-03
Priority: P2 · 63 · high · 7.5 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 77.00% (99.5th percentile)
Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_2003_server | — | — |
| microsoft | windows_nt | — | — |
Detection & IOCs (extracted from sources)
snort
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"GPL NETBIOS SMB-DS nddeapi unicode bind attempt"; flow:established,to_server; flowbits:isset,smb.tree.create.nddeapi; flowbits:set,smb.tree.bind.nddeapi; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,&,128,6,relative; content:"&|00|"; within:2; distance:56; content:"|5C 00|P|00|I|00|P|00|E|00 5C 00 00 00|"; distance:4; nocase; byte_jump:2,-10,relative,from_beginning; content:"|05|"; distance:4; within:1; content:"|0B|"; within:1; distance:1; content:" 2_/&|C1|v|10 B5|I|07|M|07 86 19 DA|"; within:16; distance:29; reference:bugtraq,11372; reference:cve,2004-0206; classtype:protocol-command-decode; sid:2102935; rev:8;)
snort
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"GPL NETBIOS SMB-DS nddeapi unicode andx bind attempt"; flow:established,to_server; flowbits:isset,smb.tree.create.nddeapi; flowbits:set,smb.tree.bind.nddeapi; content:"|00|"; depth:1; content:"|FF|SMB"; within:4; distance:3; pcre:"/^(\x75|\x2d|\x2f|\x73|\xa2|\x2e|\x24|\x74)/sR"; byte_test:1,&,128,6,relative; content:"%"; depth:1; offset:39; byte_jump:2,0,little,relative; content:"&|00|"; within:2; distance:29; content:"|5C 00|P|00|I|00|P|00|E|00 5C 00 00 00|"; distance:4; nocase; byte_jump:2,-10,relative,from_beginning; pcre:"/^.{4}/R"; content:"|05|"; within:1; content:"|0B|"; within:1; distance:1; content:" 2_/&|C1|v|10 B5|I|07|M|07 86 19 DA|"; within:16; distance:29; reference:bugtraq,11372; reference:cve,2004-0206; classtype:protocol-command-decode; sid:2102963; rev:6;)
snort
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"GPL NETBIOS SMB-DS NDdeSetTrustedShareW little endian overflow attempt"; flow:established,to_server; flowbits:isset,smb.tree.bind.nddeapi; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,!&,128,6,relative; content:"&|00|"; within:2; distance:56; content:"|5C|PIPE|5C 00|"; distance:4; nocase; byte_jump:2,-10,relative,from_beginning; content:"|05|"; distance:4; within:1; byte_test:1,!&,16,3,relative; content:"|00|"; within:1; distance:1; content:"|0C 00|"; within:2; distance:19; isdataat:256,relative; content:!"|00|"; within:256; distance:12; reference:bugtraq,11372; reference:cve,2004-0206; classtype:attempted-admin; sid:2102948; rev:7;)
bytes
NDDEAPI DCE/RPC bind UUID: 2f5f3220-c126-1076-b549-074d078619da (content:" 2_/&|C1|v|10 B5|I|07|M|07 86 19 DA|")
- The exploit requires prior SMB authentication before accessing the NDDEAPI named pipe; detect authenticated SMB sessions that subsequently open the \PIPE\nddeapi named pipe.
- Monitor for DCE/RPC bind requests to UUID 2f5f3220-c126-1076-b549-074d078619da (version 1.2) over ncacn_np transport targeting the nddeapi pipe.
- Alert on DCE/RPC calls to opcode 0x0C (NDdeSetTrustedShareW) on the nddeapi pipe where the data payload exceeds 256 bytes without a null terminator, indicating a buffer overflow attempt.
- Use flowbits to track the SMB tree connect to nddeapi and then flag subsequent DCE/RPC bind and function call activity on that session.
- The exploit targets only Windows 2000 SP4 and Windows XP SP0; presence of the NetDDE service running on these OS versions is a prerequisite indicator.
- The Metasploit module only has a return address target for Windows 2000 SP4 (ret: 0x77e56f43); other OS versions listed in the PoC (XP SP0/SP1, 2000 SP2/SP3) may require different offsets.
- The Snort rules for the bind attempt are classified as Informational severity, meaning they detect reconnaissance/setup activity rather than confirmed exploitation; the overflow attempt rule (sid:2102948) is classified attempted-admin.
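The bind and call checks from the notes above, as an added Python example (not code from the rule authors or any cited source). It assumes the DCE/RPC PDU has already been extracted from the SMB transaction on the nddeapi pipe and handles little-endian encoding only; the 12-byte skip before the 256-byte window mirrors `distance:12` in sid 2102948, and all helper names and sample PDUs are constructed for illustration.

```python
import struct
import uuid

# Interface UUID, version and opcode as given in the notes above.
NDDEAPI_UUID = uuid.UUID("2f5f3220-c126-1076-b549-074d078619da")
NDDEAPI_VERSION = (1, 2)
OPNUM_SET_TRUSTED_SHARE_W = 0x0C
PTYPE_REQUEST, PTYPE_BIND = 0x00, 0x0B
PFC_OBJECT_UUID = 0x80  # request carries a 16-byte object UUID before the stub


def snort_content(raw):
    """Render bytes in Snort content syntax: printable ASCII literal, the rest as |HEX|."""
    out, in_hex = [], False
    for b in raw:
        if 0x20 <= b <= 0x7E and chr(b) not in '";:\\|':
            out.append("|" + chr(b) if in_hex else chr(b))
            in_hex = False
        else:
            out.append((" %02X" if in_hex else "|%02X") % b)
            in_hex = True
    return "".join(out) + ("|" if in_hex else "")


def pdu_type(pdu):
    """PTYPE of a DCE/RPC v5 connection-oriented PDU, or None if not handled here."""
    if len(pdu) < 16 or pdu[0] != 5:
        return None
    if not pdu[4] & 0x10:  # only little-endian integer encoding is handled
        return None
    return pdu[2]


def bind_targets_nddeapi(pdu):
    """True if any presentation context in a bind PDU names NDDEAPI v1.2."""
    if pdu_type(pdu) != PTYPE_BIND or len(pdu) < 28:
        return False
    n_ctx, off = pdu[24], 28          # context list follows the 8-byte bind fields
    for _ in range(n_ctx):
        if off + 24 > len(pdu):
            return False
        n_xfer = pdu[off + 2]
        iface = uuid.UUID(bytes_le=bytes(pdu[off + 4:off + 20]))
        version = struct.unpack_from("<HH", pdu, off + 20)
        if iface == NDDEAPI_UUID and version == NDDEAPI_VERSION:
            return True
        off += 24 + 20 * n_xfer       # skip this element's transfer syntaxes
    return False


def request_is_overflow_attempt(pdu, window=256, skip=12):
    """True for an opnum 0x0C request whose stub has `window` bytes with no NUL."""
    if pdu_type(pdu) != PTYPE_REQUEST or len(pdu) < 24:
        return False
    if struct.unpack_from("<H", pdu, 22)[0] != OPNUM_SET_TRUSTED_SHARE_W:
        return False
    stub = pdu[40:] if pdu[3] & PFC_OBJECT_UUID else pdu[24:]
    data = stub[skip:skip + window]   # skip value taken from the rule's distance:12
    return len(data) == window and 0 not in data


class PipeSession:
    """Per-pipe state, playing the role of the smb.tree.bind.nddeapi flowbit."""

    def __init__(self):
        self.bound = False

    def feed(self, pdu):
        if bind_targets_nddeapi(pdu):
            self.bound = True
            return "nddeapi bind"
        if self.bound and request_is_overflow_attempt(pdu):
            return "NDdeSetTrustedShareW overflow attempt"
        return None


# --- constructed sample data (not captured traffic) ---
def make_pdu(ptype, body):
    return struct.pack("<BBBB4sHHI", 5, 0, ptype, 0x03, b"\x10\x00\x00\x00",
                       16 + len(body), 0, 1) + body


def make_bind():
    ndr = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860")  # NDR transfer syntax
    ctx = struct.pack("<HBB", 0, 1, 0) + NDDEAPI_UUID.bytes_le
    ctx += struct.pack("<HH", *NDDEAPI_VERSION) + ndr.bytes_le + struct.pack("<I", 2)
    return make_pdu(PTYPE_BIND, struct.pack("<HHIBBH", 4280, 4280, 0, 1, 0, 0) + ctx)


def make_request(opnum, stub):
    return make_pdu(PTYPE_REQUEST, struct.pack("<IHH", len(stub), 0, opnum) + stub)


def demo():
    """Feed constructed PDUs to a session that sees the bind and one that does not."""
    short_req = make_request(0x0C, b"\x00" * 12 + b"SHARE$\x00")
    long_req = make_request(0x0C, b"\x00" * 12 + b"A" * 300)
    tracked, unbound = PipeSession(), PipeSession()
    seen = [tracked.feed(p) for p in (short_req, make_bind(), short_req, long_req)]
    return seen, [unbound.feed(long_req)]


if __name__ == "__main__":
    print(snort_content(NDDEAPI_UUID.bytes_le))
    print(demo())
```
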
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat · 10.0 CRITICAL
GHSA
GHSA-633f-4wqf-793j: Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4
ghsa_unreviewed·2022-04-29
CVE-2004-0206 [HIGH] GHSA-633f-4wqf-793j: Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4
Red Hat
cups: incomplete fix for CVE-2004-0888 / CVE-2005-0206
vendor_redhat·2008-04-01·CVSS 10.0
CVE-2008-1374 [CRITICAL] cups: incomplete fix for CVE-2004-0888 / CVE-2005-0206
Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux 3 and 4, when running on 64-bit platforms, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: this issue is due to an incomplete fix for CVE-2004-0888.
Red Hat
security flaw
vendor_redhat·2004-10-20·CVSS 10.0
CVE-2005-0206 [CRITICAL] security flaw
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
Suricata
GPL NETBIOS SMB-DS nddeapi unicode bind attempt
suricata·2010-09-23
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"GPL NETBIOS SMB-DS nddeapi unicode bind attempt"; flow:established,to_server; flowbits:isset,smb.tree.create.nddeapi; flowbits:set,smb.tree.bind.nddeapi; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,&,128,6,relative; content:"&|00|"; within:2; distance:56; content:"|5C 00|P|00|I|00|P|00|E|00 5C 00 00 00|"; distance:4; nocase; byte_jump:2,-10,relative,from_beginning; content:"|05|"; distance:4; within:1; content:"|0B|"; within:1; distance:1; content:" 2_/&|C1|v|10 B5|I|07|M|07 86 19 DA|"; within:16; distance:29; reference:bugtraq,11372; reference:cve,2004-0206; classtype:protocol-command-decode; sid:2102935; rev:8; metadata:created_at 2010_09_23, cve CV
Suricata
GPL NETBIOS SMB-DS nddeapi unicode andx bind attempt
suricata·2010-09-23
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"GPL NETBIOS SMB-DS nddeapi unicode andx bind attempt"; flow:established,to_server; flowbits:isset,smb.tree.create.nddeapi; flowbits:set,smb.tree.bind.nddeapi; content:"|00|"; depth:1; content:"|FF|SMB"; within:4; distance:3; pcre:"/^(\x75|\x2d|\x2f|\x73|\xa2|\x2e|\x24|\x74)/sR"; byte_test:1,&,128,6,relative; content:"%"; depth:1; offset:39; byte_jump:2,0,little,relative; content:"&|00|"; within:2; distance:29; content:"|5C 00|P|00|I|00|P|00|E|00 5C 00 00 00|"; distance:4; nocase; byte_jump:2,-10,relative,from_beginning; pcre:"/^.{4}/R"; content:"|05|"; within:1; content:"|0B|"; within:1; distance:1; content:" 2_/&|C1|v|10 B5|I|07|M|07 86 19 DA|"; within:16; distance:29; reference:
Suricata
GPL NETBIOS SMB-DS NDdeSetTrustedShareW little endian overflow attempt
suricata·2010-09-23
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"GPL NETBIOS SMB-DS NDdeSetTrustedShareW little endian overflow attempt"; flow:established,to_server; flowbits:isset,smb.tree.bind.nddeapi; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,!&,128,6,relative; content:"&|00|"; within:2; distance:56; content:"|5C|PIPE|5C 00|"; distance:4; nocase; byte_jump:2,-10,relative,from_beginning; content:"|05|"; distance:4; within:1; byte_test:1,!&,16,3,relative; content:"|00|"; within:1; distance:1; content:"|0C 00|"; within:2; distance:19; isdataat:256,relative; content:!"|00|"; within:256; distance:12; reference:bugtraq,11372; reference:cve,2004-0206; classtype:attempted-admin; sid:2102948; rev
Suricata
GPL NETBIOS SMB-DS NDdeSetTrustedShareW unicode overflow attempt
suricata·2010-09-23
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"GPL NETBIOS SMB-DS NDdeSetTrustedShareW unicode overflow attempt"; flow:established,to_server; flowbits:isset,smb.tree.bind.nddeapi; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,&,128,6,relative; content:"&|00|"; within:2; distance:56; content:"|5C 00|P|00|I|00|P|00|E|00 5C 00 00 00|"; distance:4; nocase; byte_jump:2,-10,relative,from_beginning; content:"|05|"; distance:4; within:1; byte_test:1,&,16,3,relative; content:"|00|"; within:1; distance:1; content:"|00 0C|"; within:2; distance:19; isdataat:512,relative; content:!"|00 00|"; within:512; distance:12; reference:bugtraq,11372; reference:cve,2004-0206; classtype:attempted-admin; sid
Suricata
GPL NETBIOS SMB-DS nddeapi andx create tree attempt
suricata·2010-09-23
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"GPL NETBIOS SMB-DS nddeapi andx create tree attempt"; flow:established,to_server; flowbits:isset,smb.tree.connect.ipc; flowbits:set,smb.tree.create.nddeapi; content:"|00|"; depth:1; content:"|FF|SMB"; within:4; distance:3; pcre:"/^(\x75|\x2d|\x2f|\x73|\x2e|\x24|\x74)/sR"; byte_test:1,!&,128,6,relative; content:"|A2|"; depth:1; offset:39; byte_jump:2,0,little,relative; content:"|5C|nddeapi|00|"; within:9; distance:51; nocase; reference:bugtraq,11372; reference:cve,2004-0206; classtype:protocol-command-decode; sid:2102958; rev:5; metadata:created_at 2010_09_23, cve CVE_2004_0206, confidence Medium, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updat
Suricata
GPL NETBIOS SMB NDdeSetTrustedShareW unicode andx overflow attempt
suricata·2010-09-23
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"GPL NETBIOS SMB NDdeSetTrustedShareW unicode andx overflow attempt"; flow:established,to_server; flowbits:isset,smb.tree.bind.nddeapi; content:"|00|"; depth:1; content:"|FF|SMB"; within:4; distance:3; pcre:"/^(\x75|\x2d|\x2f|\x73|\xa2|\x2e|\x24|\x74)/sR"; byte_test:1,&,128,6,relative; content:"%"; depth:1; offset:39; byte_jump:2,0,little,relative; content:"&|00|"; within:2; distance:29; content:"|5C 00|P|00|I|00|P|00|E|00 5C 00 00 00|"; distance:4; nocase; byte_jump:2,-10,relative,from_beginning; pcre:"/^.{4}/R"; content:"|05|"; within:1; byte_test:1,&,16,3,relative; content:"|00|"; within:1; distance:1; content:"|00 0C|"; within:2; distance:19; isdataat:512,relative
Suricata
GPL NETBIOS SMB-DS NDdeSetTrustedShareW andx overflow attempt
suricata·2010-09-23
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"GPL NETBIOS SMB-DS NDdeSetTrustedShareW andx overflow attempt"; flow:established,to_server; flowbits:isset,smb.tree.bind.nddeapi; content:"|00|"; depth:1; content:"|FF|SMB"; within:4; distance:3; pcre:"/^(\x75|\x2d|\x2f|\x73|\xa2|\x2e|\x24|\x74)/sR"; byte_test:1,!&,128,6,relative; content:"%"; depth:1; offset:39; byte_jump:2,0,little,relative; content:"&|00|"; within:2; distance:29; content:"|5C|PIPE|5C 00|"; distance:4; nocase; byte_jump:2,-10,relative,from_beginning; pcre:"/^.{4}/R"; content:"|05|"; within:1; byte_test:1,&,16,3,relative; content:"|00|"; within:1; distance:1; content:"|00 0C|"; within:2; distance:19; isdataat:256,relative; content:!"|00|"; within:256; di
Suricata
GPL NETBIOS SMB-DS NDdeSetTrustedShareW overflow attempt
suricata·2010-09-23
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"GPL NETBIOS SMB-DS NDdeSetTrustedShareW overflow attempt"; flow:established,to_server; flowbits:isset,smb.tree.bind.nddeapi; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,!&,128,6,relative; content:"&|00|"; within:2; distance:56; content:"|5C|PIPE|5C 00|"; distance:4; nocase; byte_jump:2,-10,relative,from_beginning; content:"|05|"; distance:4; within:1; byte_test:1,&,16,3,relative; content:"|00|"; within:1; distance:1; content:"|00 0C|"; within:2; distance:19; isdataat:256,relative; content:!"|00|"; within:256; distance:12; reference:bugtraq,11372; reference:cve,2004-0206; classtype:attempted-admin; sid:2102938; rev:6; metadata:created_at 2010_
Suricata
GPL NETBIOS SMB nddeapi andx create tree attempt
suricata·2010-09-23
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"GPL NETBIOS SMB nddeapi andx create tree attempt"; flow:established,to_server; flowbits:isset,smb.tree.connect.ipc; flowbits:set,smb.tree.create.nddeapi; content:"|00|"; depth:1; content:"|FF|SMB"; within:4; distance:3; pcre:"/^(\x75|\x2d|\x2f|\x73|\x2e|\x24|\x74)/sR"; byte_test:1,!&,128,6,relative; content:"|A2|"; depth:1; offset:39; byte_jump:2,0,little,relative; content:"|5C|nddeapi|00|"; within:9; distance:51; nocase; reference:bugtraq,11372; reference:cve,2004-0206; classtype:protocol-command-decode; sid:2102956; rev:5; metadata:created_at 2010_09_23, cve CVE_2004_0206, signature_severity Informational, updated_at 2024_03_14;)
Suricata
GPL NETBIOS SMB nddeapi bind attempt
suricata·2010-09-23
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"GPL NETBIOS SMB nddeapi bind attempt"; flow:established,to_server; flowbits:isset,smb.tree.create.nddeapi; flowbits:set,smb.tree.bind.nddeapi; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,!&,128,6,relative; content:"&|00|"; within:2; distance:56; content:"|5C|PIPE|5C 00|"; distance:4; nocase; byte_jump:2,-10,relative,from_beginning; content:"|05|"; distance:4; within:1; content:"|0B|"; within:1; distance:1; content:" 2_/&|C1|v|10 B5|I|07|M|07 86 19 DA|"; within:16; distance:29; reference:bugtraq,11372; reference:cve,2004-0206; classtype:protocol-command-decode; sid:2102932; rev:7; metadata:created_at 2010_09_23, cve CVE_2004_0206, signature_severity Informational
Suricata
GPL NETBIOS SMB NDdeSetTrustedShareW unicode little endian overflow attempt
suricata·2010-09-23
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"GPL NETBIOS SMB NDdeSetTrustedShareW unicode little endian overflow attempt"; flow:established,to_server; flowbits:isset,smb.tree.bind.nddeapi; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,&,128,6,relative; content:"&|00|"; within:2; distance:56; content:"|5C 00|P|00|I|00|P|00|E|00 5C 00 00 00|"; distance:4; nocase; byte_jump:2,-10,relative,from_beginning; content:"|05|"; distance:4; within:1; byte_test:1,!&,16,3,relative; content:"|00|"; within:1; distance:1; content:"|0C 00|"; within:2; distance:19; isdataat:512,relative; content:!"|00 00|"; within:512; distance:12; reference:bugtraq,11372; reference:cve,2004-0206; classty
Suricata
GPL NETBIOS SMB nddeapi andx bind attempt
suricata·2010-09-23
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"GPL NETBIOS SMB nddeapi andx bind attempt"; flow:established,to_server; flowbits:isset,smb.tree.create.nddeapi; flowbits:set,smb.tree.bind.nddeapi; content:"|00|"; depth:1; content:"|FF|SMB"; within:4; distance:3; pcre:"/^(\x75|\x2d|\x2f|\x73|\xa2|\x2e|\x24|\x74)/sR"; byte_test:1,!&,128,6,relative; content:"%"; depth:1; offset:39; byte_jump:2,0,little,relative; content:"&|00|"; within:2; distance:29; content:"|5C|PIPE|5C 00|"; distance:4; nocase; byte_jump:2,-10,relative,from_beginning; pcre:"/^.{4}/R"; content:"|05|"; within:1; content:"|0B|"; within:1; distance:1; content:" 2_/&|C1|v|10 B5|I|07|M|07 86 19 DA|"; within:16; distance:29; reference:bugtraq,11372; reference:cve,2004-0206; class
Suricata
GPL NETBIOS SMB nddeapi unicode bind attempt
suricata·2010-09-23
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"GPL NETBIOS SMB nddeapi unicode bind attempt"; flow:established,to_server; flowbits:isset,smb.tree.create.nddeapi; flowbits:set,smb.tree.bind.nddeapi; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,&,128,6,relative; content:"&|00|"; within:2; distance:56; content:"|5C 00|P|00|I|00|P|00|E|00 5C 00 00 00|"; distance:4; nocase; byte_jump:2,-10,relative,from_beginning; content:"|05|"; distance:4; within:1; content:"|0B|"; within:1; distance:1; content:" 2_/&|C1|v|10 B5|I|07|M|07 86 19 DA|"; within:16; distance:29; reference:bugtraq,11372; reference:cve,2004-0206; classtype:protocol-command-decode; sid:2102933; rev:7; metadata:created_at 2010_09_23, cve CVE_2004
Suricata
GPL NETBIOS SMB-DS NDdeSetTrustedShareW unicode little endian overflow attempt
suricata·2010-09-23
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"GPL NETBIOS SMB-DS NDdeSetTrustedShareW unicode little endian overflow attempt"; flow:established,to_server; flowbits:isset,smb.tree.bind.nddeapi; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,&,128,6,relative; content:"&|00|"; within:2; distance:56; content:"|5C 00|P|00|I|00|P|00|E|00 5C 00 00 00|"; distance:4; nocase; byte_jump:2,-10,relative,from_beginning; content:"|05|"; distance:4; within:1; byte_test:1,!&,16,3,relative; content:"|00|"; within:1; distance:1; content:"|0C 00|"; within:2; distance:19; isdataat:512,relative; content:!"|00 00|"; within:512; distance:12; reference:bugtraq,11372; reference:cve,2004-0206; c
Suricata
GPL NETBIOS SMB NDdeSetTrustedShareW little endian andx overflow attempt
suricata·2010-09-23
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"GPL NETBIOS SMB NDdeSetTrustedShareW little endian andx overflow attempt"; flow:established,to_server; flowbits:isset,smb.tree.bind.nddeapi; content:"|00|"; depth:1; content:"|FF|SMB"; within:4; distance:3; pcre:"/^(\x75|\x2d|\x2f|\x73|\xa2|\x2e|\x24|\x74)/sR"; byte_test:1,!&,128,6,relative; content:"%"; depth:1; offset:39; byte_jump:2,0,little,relative; content:"&|00|"; within:2; distance:29; content:"|5C|PIPE|5C 00|"; distance:4; nocase; byte_jump:2,-10,relative,from_beginning; pcre:"/^.{4}/R"; content:"|05|"; within:1; byte_test:1,!&,16,3,relative; content:"|00|"; within:1; distance:1; content:"|0C 00|"; within:2; distance:19; isdataat:256,relative; content:
Suricata
GPL NETBIOS SMB-DS nddeapi bind attempt
suricata·2010-09-23
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"GPL NETBIOS SMB-DS nddeapi bind attempt"; flow:established,to_server; flowbits:isset,smb.tree.create.nddeapi; flowbits:set,smb.tree.bind.nddeapi; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,!&,128,6,relative; content:"&|00|"; within:2; distance:56; content:"|5C|PIPE|5C 00|"; distance:4; nocase; byte_jump:2,-10,relative,from_beginning; content:"|05|"; distance:4; within:1; content:"|0B|"; within:1; distance:1; content:" 2_/&|C1|v|10 B5|I|07|M|07 86 19 DA|"; within:16; distance:29; reference:bugtraq,11372; reference:cve,2004-0206; classtype:protocol-command-decode; sid:2102934; rev:7; metadata:created_at 2010_09_23, cve CVE_2004_0206, confidence Medium, signatu
Suricata
GPL NETBIOS SMB NDdeSetTrustedShareW overflow attempt
suricata·2010-09-23
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"GPL NETBIOS SMB NDdeSetTrustedShareW overflow attempt"; flow:established,to_server; flowbits:isset,smb.tree.bind.nddeapi; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,!&,128,6,relative; content:"&|00|"; within:2; distance:56; content:"|5C|PIPE|5C 00|"; distance:4; nocase; byte_jump:2,-10,relative,from_beginning; content:"|05|"; distance:4; within:1; byte_test:1,&,16,3,relative; content:"|00|"; within:1; distance:1; content:"|00 0C|"; within:2; distance:19; isdataat:256,relative; content:!"|00|"; within:256; distance:12; reference:bugtraq,11372; reference:cve,2004-0206; classtype:attempted-admin; sid:2102936; rev:6; metadata:created_at 2010_09_23,
Suricata
GPL NETBIOS SMB-DS NDdeSetTrustedShareW little endian andx overflow attempt
suricata·2010-09-23
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"GPL NETBIOS SMB-DS NDdeSetTrustedShareW little endian andx overflow attempt"; flow:established,to_server; flowbits:isset,smb.tree.bind.nddeapi; content:"|00|"; depth:1; content:"|FF|SMB"; within:4; distance:3; pcre:"/^(\x75|\x2d|\x2f|\x73|\xa2|\x2e|\x24|\x74)/sR"; byte_test:1,!&,128,6,relative; content:"%"; depth:1; offset:39; byte_jump:2,0,little,relative; content:"&|00|"; within:2; distance:29; content:"|5C|PIPE|5C 00|"; distance:4; nocase; byte_jump:2,-10,relative,from_beginning; pcre:"/^.{4}/R"; content:"|05|"; within:1; byte_test:1,!&,16,3,relative; content:"|00|"; within:1; distance:1; content:"|0C 00|"; within:2; distance:19; isdataat:256,relative; co
Suricata
GPL NETBIOS SMB NDdeSetTrustedShareW unicode little endian andx overflow attempt
suricata·2010-09-23
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"GPL NETBIOS SMB NDdeSetTrustedShareW unicode little endian andx overflow attempt"; flow:established,to_server; flowbits:isset,smb.tree.bind.nddeapi; content:"|00|"; depth:1; content:"|FF|SMB"; within:4; distance:3; pcre:"/^(\x75|\x2d|\x2f|\x73|\xa2|\x2e|\x24|\x74)/sR"; byte_test:1,&,128,6,relative; content:"%"; depth:1; offset:39; byte_jump:2,0,little,relative; content:"&|00|"; within:2; distance:29; content:"|5C 00|P|00|I|00|P|00|E|00 5C 00 00 00|"; distance:4; nocase; byte_jump:2,-10,relative,from_beginning; pcre:"/^.{4}/R"; content:"|05|"; within:1; byte_test:1,!&,16,3,relative; content:"|00|"; within:1; distance:1; content:"|0C 00|"; within:2; dista
Suricata
GPL NETBIOS SMB-DS nddeapi andx bind attempt
suricata·2010-09-23
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"GPL NETBIOS SMB-DS nddeapi andx bind attempt"; flow:established,to_server; flowbits:isset,smb.tree.create.nddeapi; flowbits:set,smb.tree.bind.nddeapi; content:"|00|"; depth:1; content:"|FF|SMB"; within:4; distance:3; pcre:"/^(\x75|\x2d|\x2f|\x73|\xa2|\x2e|\x24|\x74)/sR"; byte_test:1,!&,128,6,relative; content:"%"; depth:1; offset:39; byte_jump:2,0,little,relative; content:"&|00|"; within:2; distance:29; content:"|5C|PIPE|5C 00|"; distance:4; nocase; byte_jump:2,-10,relative,from_beginning; pcre:"/^.{4}/R"; content:"|05|"; within:1; content:"|0B|"; within:1; distance:1; content:" 2_/&|C1|v|10 B5|I|07|M|07 86 19 DA|"; within:16; distance:29; reference:bugtraq,11372; reference:cve,2004-0206;
Suricata
GPL NETBIOS SMB NDdeSetTrustedShareW little endian overflow attempt
suricata·2010-09-23
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"GPL NETBIOS SMB NDdeSetTrustedShareW little endian overflow attempt"; flow:established,to_server; flowbits:isset,smb.tree.bind.nddeapi; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,!&,128,6,relative; content:"&|00|"; within:2; distance:56; content:"|5C|PIPE|5C 00|"; distance:4; nocase; byte_jump:2,-10,relative,from_beginning; content:"|05|"; distance:4; within:1; byte_test:1,!&,16,3,relative; content:"|00|"; within:1; distance:1; content:"|0C 00|"; within:2; distance:19; isdataat:256,relative; content:!"|00|"; within:256; distance:12; reference:bugtraq,11372; reference:cve,2004-0206; classtype:attempted-admin; sid:2102946; rev:7; me
Suricata
GPL NETBIOS SMB nddeapi unicode create tree attempt
suricata·2010-09-23
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"GPL NETBIOS SMB nddeapi unicode create tree attempt"; flow:established,to_server; flowbits:isset,smb.tree.connect.ipc; flowbits:set,smb.tree.create.nddeapi; content:"|00|"; depth:1; content:"|FF|SMB|A2|"; within:5; distance:3; byte_test:1,&,128,6,relative; content:"|5C 00|n|00|d|00|d|00|e|00|a|00|p|00|i|00 00 00|"; within:18; distance:78; nocase; reference:bugtraq,11372; reference:cve,2004-0206; classtype:protocol-command-decode; sid:2102929; rev:6; metadata:created_at 2010_09_23, cve CVE_2004_0206, signature_severity Informational, updated_at 2024_03_14;)
Suricata
GPL NETBIOS SMB NDdeSetTrustedShareW unicode overflow attempt
suricata·2010-09-23
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"GPL NETBIOS SMB NDdeSetTrustedShareW unicode overflow attempt"; flow:established,to_server; flowbits:isset,smb.tree.bind.nddeapi; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,&,128,6,relative; content:"&|00|"; within:2; distance:56; content:"|5C 00|P|00|I|00|P|00|E|00 5C 00 00 00|"; distance:4; nocase; byte_jump:2,-10,relative,from_beginning; content:"|05|"; distance:4; within:1; byte_test:1,&,16,3,relative; content:"|00|"; within:1; distance:1; content:"|00 0C|"; within:2; distance:19; isdataat:512,relative; content:!"|00 00|"; within:512; distance:12; reference:bugtraq,11372; reference:cve,2004-0206; classtype:attempted-admin; sid:21029
Suricata
GPL NETBIOS SMB-DS NDdeSetTrustedShareW unicode andx overflow attempt
suricata·2010-09-23
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"GPL NETBIOS SMB-DS NDdeSetTrustedShareW unicode andx overflow attempt"; flow:established,to_server; flowbits:isset,smb.tree.bind.nddeapi; content:"|00|"; depth:1; content:"|FF|SMB"; within:4; distance:3; pcre:"/^(\x75|\x2d|\x2f|\x73|\xa2|\x2e|\x24|\x74)/sR"; byte_test:1,&,128,6,relative; content:"%"; depth:1; offset:39; byte_jump:2,0,little,relative; content:"&|00|"; within:2; distance:29; content:"|5C 00|P|00|I|00|P|00|E|00 5C 00 00 00|"; distance:4; nocase; byte_jump:2,-10,relative,from_beginning; pcre:"/^.{4}/R"; content:"|05|"; within:1; byte_test:1,&,16,3,relative; content:"|00|"; within:1; distance:1; content:"|00 0C|"; within:2; distance:19; isdataat:512,re
Suricata
GPL NETBIOS SMB-DS nddeapi create tree attempt
suricata·2010-09-23
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"GPL NETBIOS SMB-DS nddeapi create tree attempt"; flow:established,to_server; flowbits:isset,smb.tree.connect.ipc; flowbits:set,smb.tree.create.nddeapi; content:"|00|"; depth:1; content:"|FF|SMB|A2|"; within:5; distance:3; byte_test:1,!&,128,6,relative; content:"|5C|nddeapi|00|"; within:9; distance:78; nocase; reference:bugtraq,11372; reference:cve,2004-0206; classtype:protocol-command-decode; sid:2102930; rev:6; metadata:created_at 2010_09_23, cve CVE_2004_0206, confidence Medium, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_14;)
Suricata
GPL NETBIOS SMB-DS nddeapi unicode create tree attempt
suricata·2010-09-23
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"GPL NETBIOS SMB-DS nddeapi unicode create tree attempt"; flow:established,to_server; flowbits:isset,smb.tree.connect.ipc; flowbits:set,smb.tree.create.nddeapi; content:"|00|"; depth:1; content:"|FF|SMB|A2|"; within:5; distance:3; byte_test:1,&,128,6,relative; content:"|5C 00|n|00|d|00|d|00|e|00|a|00|p|00|i|00 00 00|"; within:18; distance:78; nocase; reference:bugtraq,11372; reference:cve,2004-0206; classtype:protocol-command-decode; sid:2102931; rev:6; metadata:created_at 2010_09_23, cve CVE_2004_0206, confidence Medium, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_14;)
Suricata
GPL NETBIOS SMB-DS NDdeSetTrustedShareW unicode little endian andx overflow attempt
suricata·2010-09-23
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"GPL NETBIOS SMB-DS NDdeSetTrustedShareW unicode little endian andx overflow attempt"; flow:established,to_server; flowbits:isset,smb.tree.bind.nddeapi; content:"|00|"; depth:1; content:"|FF|SMB"; within:4; distance:3; pcre:"/^(\x75|\x2d|\x2f|\x73|\xa2|\x2e|\x24|\x74)/sR"; byte_test:1,&,128,6,relative; content:"%"; depth:1; offset:39; byte_jump:2,0,little,relative; content:"&|00|"; within:2; distance:29; content:"|5C 00|P|00|I|00|P|00|E|00 5C 00 00 00|"; distance:4; nocase; byte_jump:2,-10,relative,from_beginning; pcre:"/^.{4}/R"; content:"|05|"; within:1; byte_test:1,!&,16,3,relative; content:"|00|"; within:1; distance:1; content:"|0C 00|"; within:2;
Suricata
GPL NETBIOS SMB nddeapi create tree attempt
suricata·2010-09-23
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"GPL NETBIOS SMB nddeapi create tree attempt"; flow:established,to_server; flowbits:isset,smb.tree.connect.ipc; flowbits:set,smb.tree.create.nddeapi; content:"|00|"; depth:1; content:"|FF|SMB|A2|"; within:5; distance:3; byte_test:1,!&,128,6,relative; content:"|5C|nddeapi|00|"; within:9; distance:78; nocase; reference:bugtraq,11372; reference:cve,2004-0206; classtype:protocol-command-decode; sid:2102928; rev:6; metadata:created_at 2010_09_23, cve CVE_2004_0206, signature_severity Informational, updated_at 2024_03_14;)
Suricata
GPL NETBIOS SMB-DS nddeapi unicode andx create tree attempt
suricata·2010-09-23
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"GPL NETBIOS SMB-DS nddeapi unicode andx create tree attempt"; flow:established,to_server; flowbits:isset,smb.tree.connect.ipc; flowbits:set,smb.tree.create.nddeapi; content:"|00|"; depth:1; content:"|FF|SMB"; within:4; distance:3; pcre:"/^(\x75|\x2d|\x2f|\x73|\x2e|\x24|\x74)/sR"; byte_test:1,&,128,6,relative; content:"|A2|"; depth:1; offset:39; byte_jump:2,0,little,relative; content:"|5C 00|n|00|d|00|d|00|e|00|a|00|p|00|i|00 00 00|"; within:18; distance:51; nocase; reference:bugtraq,11372; reference:cve,2004-0206; classtype:protocol-command-decode; sid:2102959; rev:5; metadata:created_at 2010_09_23, cve CVE_2004_0206, confidence Medium, signature_severity Informational, tag
Suricata
GPL NETBIOS SMB NDdeSetTrustedShareW andx overflow attempt
suricata·2010-09-23
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"GPL NETBIOS SMB NDdeSetTrustedShareW andx overflow attempt"; flow:established,to_server; flowbits:isset,smb.tree.bind.nddeapi; content:"|00|"; depth:1; content:"|FF|SMB"; within:4; distance:3; pcre:"/^(\x75|\x2d|\x2f|\x73|\xa2|\x2e|\x24|\x74)/sR"; byte_test:1,!&,128,6,relative; content:"%"; depth:1; offset:39; byte_jump:2,0,little,relative; content:"&|00|"; within:2; distance:29; content:"|5C|PIPE|5C 00|"; distance:4; nocase; byte_jump:2,-10,relative,from_beginning; pcre:"/^.{4}/R"; content:"|05|"; within:1; byte_test:1,&,16,3,relative; content:"|00|"; within:1; distance:1; content:"|00 0C|"; within:2; distance:19; isdataat:256,relative; content:!"|00|"; within:256; distance
Suricata
GPL NETBIOS SMB nddeapi unicode andx bind attempt
suricata·2010-09-23
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"GPL NETBIOS SMB nddeapi unicode andx bind attempt"; flow:established,to_server; flowbits:isset,smb.tree.create.nddeapi; flowbits:set,smb.tree.bind.nddeapi; content:"|00|"; depth:1; content:"|FF|SMB"; within:4; distance:3; pcre:"/^(\x75|\x2d|\x2f|\x73|\xa2|\x2e|\x24|\x74)/sR"; byte_test:1,&,128,6,relative; content:"%"; depth:1; offset:39; byte_jump:2,0,little,relative; content:"&|00|"; within:2; distance:29; content:"|5C 00|P|00|I|00|P|00|E|00 5C 00 00 00|"; distance:4; nocase; byte_jump:2,-10,relative,from_beginning; pcre:"/^.{4}/R"; content:"|05|"; within:1; content:"|0B|"; within:1; distance:1; content:" 2_/&|C1|v|10 B5|I|07|M|07 86 19 DA|"; within:16; distance:29; reference:bugtra
Suricata
GPL NETBIOS SMB nddeapi unicode andx create tree attempt
suricata·2010-09-23
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"GPL NETBIOS SMB nddeapi unicode andx create tree attempt"; flow:established,to_server; flowbits:isset,smb.tree.connect.ipc; flowbits:set,smb.tree.create.nddeapi; content:"|00|"; depth:1; content:"|FF|SMB"; within:4; distance:3; pcre:"/^(\x75|\x2d|\x2f|\x73|\x2e|\x24|\x74)/sR"; byte_test:1,&,128,6,relative; content:"|A2|"; depth:1; offset:39; byte_jump:2,0,little,relative; content:"|5C 00|n|00|d|00|d|00|e|00|a|00|p|00|i|00 00 00|"; within:18; distance:51; nocase; reference:bugtraq,11372; reference:cve,2004-0206; classtype:protocol-command-decode; sid:2102957; rev:5; metadata:created_at 2010_09_23, cve CVE_2004_0206, signature_severity Informational, updated_at 2024_03_14;)
Exploit-DB
Microsoft NetDDE Service - Remote Overflow (MS04-031) (Metasploit)
exploitdb·2010-07-03
---
##
# $Id: ms04_031_netdde.rb 9669 2010-07-03 03:13:45Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Microsoft NetDDE Service Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in the NetDDE service, which is the
precursor to the DCOM interface. This exploit effects only operating systems
released prior to Windows XP SP1 (2000 SP4, XP SP0). Despite Microsoft's claim
that this vulnerability can be exploited without authentication, the N
Exploit-DB
Microsoft Windows - NetDDE Remote Buffer Overflow (MS04-031)
exploitdb·2004-12-31
---
/* HOD-ms04031-netdde-expl.c: 2004-12-30: PUBLIC v.0.2
*
* Copyright (c) 2004 houseofdabus.
*
* (MS04-031) NetDDE buffer overflow vulnerability PoC
*
*
*
*
* .::[ houseofdabus ]::.
*
*
*
* (special unstable version)
* ---------------------------------------------------------------------
* Description:
* A remote code execution vulnerability exists in the NetDDE
* services because of an unchecked buffer. An attacker who
* successfully exploited this vulnerability could take complete
* control of an affected system. However, the NetDDE services are
* not started by default and would have to be manually started for
* an attacker to attempt to remotely exploit this vulnerability.
* This vulnerability could also be used to attem
Metasploit
MS04-031 Microsoft NetDDE Service Overflow
metasploit
This module exploits a stack buffer overflow in the NetDDE service, which is the precursor to the DCOM interface. This exploit affects only operating systems released prior to Windows XP SP1 (2000 SP4, XP SP0). Despite Microsoft's claim that this vulnerability can be exploited without authentication, the NDDEAPI pipe is only accessible after successful authentication.
Bugzilla
CVE-2005-0206 security flaw
bugzilla·2018-08-16·CVSS 10.0
CVE-2005-0206 [CRITICAL] CVE-2005-0206 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
Bugzilla
CVE-2008-1374 cups: incomplete fix for CVE-2004-0888 / CVE-2005-0206
bugzilla·2008-03-20·CVSS 10.0
CVE-2008-1374 [CRITICAL] CVE-2008-1374 cups: incomplete fix for CVE-2004-0888 / CVE-2005-0206
It was discovered that the patch applied to cups packages as shipped in Red Hat
Enterprise Linux 3 and 4 to address security issues in xpdf code known as
CVE-2004-0888 / CVE-2005-0206 was incomplete.
On certain platforms, a malicious PDF file could still cause a crash or possibly
cause code execution when it's processed by the pdftops filter.
This issue affects 64-bit platforms. cups packages in Red Hat Enterprise Linux
5 are not affected by this problem.
Discussion:
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2008-0206.html
Bugzilla
CAN-2004-0888 xpdf issues affect cups (CAN-2005-0206)
bugzilla·2005-02-08
[MEDIUM] CAN-2004-0888 xpdf issues affect cups (CAN-2005-0206)
*** This bug has been split off bug 135378 ***
This issue affects RHEL4 as well.
------- Original comment by Mark J. Cox (Security Response Team) on 2004.10.12
07:50 -------
CUPS contains a stripped down version of xpdf. Recent issues have
been found in xpdf 2 that can result in integer overflows causing bad
memory allocation or out of bounds writes. It's not expected these
can cause arbitrary code execution, more likely to be DoS crashers.
Embargoed until October 20th 1400UTC
Patch to follow
CVE names to follow
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to
http://marc.info/?l=bugtraq&m=109786703930674&w=2
http://secunia.com/advisories/12803/
http://www.kb.cert.org/vuls/id/640488
http://www.securityfocus.com/bid/11372
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-031
https://exchange.xforce.ibmcloud.com/vulnerabilities/16556
https://exchange.xforce.ibmcloud.com/vulnerabilities/17657
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1852
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2394
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3120
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3242
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4592
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5074
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6788
2004-11-03
Published