Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:2964 |
| Message | NETBIOS SMB NDdeSetTrustedShareW andx overflow attempt |
| Summary | This event is generated when an attempt is made to exploit a known vulnerability in Microsoft Network Dynamic Data Exchange (NetDDE) services. |
| Impact | Serious. Execution of arbitrary code with system level privileges |
| Detailed Information | A vulnerability exists in Microsoft NetDDE that may allow an attacker to run code of their choosing with system level privileges. A programming error in the handling of network messages may give an attacker the opportunity to overflow a fixed length buffer by using a specially crafted NetDDE message. This service is not started by default on Microsoft Windows systems, but this issue can also be exploited locally in an attempt to escalate privileges after a successful attack from an alternate vector. |
| Affected Systems | Microsoft Windows NT, 2000, 2003, XP, 98 and ME systems. |
| Attack Scenarios | An attacker needs to craft a special NetDDE message in order to overflow the affected buffer. |
| Ease of Attack | Simple. |
| Corrective Action | Apply the appropriate vendor supplied patches Disable the NetDDE service. |
| Additional References | Microsoft Security Bulletin MS04-031: http://www.microsoft.com/technet/security/bulletin/ms04-031.mspx |
| Rule References | bugtraq: 11372 cve: 2004-0206 |
--
DID:132090
--
http://www.aanval.com/