GEN:SID | 1:2938 |
Message | NETBIOS SMB-DS NDdeSetTrustedShareW overflow attempt |
Summary | This event is generated when an attempt is made to exploit a known vulnerability in Microsoft Network Dynamic Data Exchange (NetDDE) services.
|
Impact | Serious. Execution of arbitrary code with system level privileges
|
Detailed Information | A vulnerability exists in Microsoft NetDDE that may allow an attacker to run code of their choosing with system level privileges. A programming error in the handling of network messages may give an attacker the opportunity to overflow a fixed length buffer by using a specially crafted NetDDE message.
This service is not started by default on Microsoft Windows systems, but this issue can also be exploited locally in an attempt to escalate privileges after a successful attack from an alternate vector.
|
Affected Systems | Microsoft Windows NT, 2000, 2003, XP, 98 and ME systems.
|
Attack Scenarios | An attacker needs to craft a special NetDDE message in order to overflow the affected buffer.
|
Ease of Attack | Simple.
|
Corrective Action | Apply the appropriate vendor supplied patches
Disable the NetDDE service.
|
Additional References | Microsoft Security Bulletin MS04-031: http://www.microsoft.com/technet/security/bulletin/ms04-031.mspx
|
Rule References | bugtraq: 11372
cve: 2004-0206
|