Reported October 12, 2004, by Microsoft

VERSIONS AFFECTED

  • Windows Server 2003
  • Windows XP Service Pack 1 (SP1) and earlier
  • Windows 2000
  • Windows NT Server 4.0

DESCRIPTION
A vulnerability in the Network Dynamic Data Exchange (NetDDE) services could result in the arbitrary execution of code on the vulnerable system. This vulnerability is a result of an unchecked buffer, and a potential attacker who successfully exploited the vulnerability could take complete control of an affected system.

VENDOR RESPONSE
Microsoft has released bulletin MS04-031, "Vulnerability in NetDDE Could Allow Remote Code Execution (841533)," to address this vulnerability and recommends that affected users apply the appropriate patch listed in the bulletin.

CREDIT
Discovered by John Heasman of Next Generation Security Software, Ltd.