Reported October 12, 2004, by Microsoft
A vulnerability in the Network Dynamic Data Exchange (NetDDE) services could result in the arbitrary execution of code on the vulnerable system. This vulnerability is a result of an unchecked buffer, and a potential attacker who successfully exploited the vulnerability could take complete control of an affected system.
Microsoft has released bulletin MS04-031, "Vulnerability in NetDDE Could Allow Remote Code Execution (841533)," to address this vulnerability and recommends that affected users apply the appropriate patch listed in the bulletin.
Discovered by John Heasman of Next Generation Security Software, Ltd.