Oval Definition:oval:org.mitre.oval:def:5074
Revision Date:2011-05-16Version:21
Title:Windows XP (32-Bit) Unchecked Buffer in NetDDE
Description:Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2004-0206
Platform(s):Microsoft Windows XP
Product(s):NetDDE
Definition Synopsis
  • Windows XP is installed
  • AND 32-Bit version of Windows is installed
  • AND NOT Win2K/XP/2003 service pack 2 (or later) is installed
  • AND a vulnerable version of nddenb32.dll exists
  • no service pack is installed and a vulnerable version of nddenb32.dll exists
  • NOT Win2K/XP/2003 is patched
  • AND the version of nddenb32.dll is less than 5.1.2600.149
  • OR Service Pack 1 is installed and a vulnerable version of nddenb32.dll exists
  • Win2K/XP/2003/Vista service pack 1 is installed
  • AND the version of nddenb32.dll is less than 5.1.2600.1555
  • AND a vulnerable version of netdde.exe exists
  • no service pack is installed and a vulnerable version of netdde.exe exists
  • NOT Win2K/XP/2003 is patched
  • AND the version of netdde.exe is less than 5.1.2600.158
  • OR Service Pack 1 is installed and a vulnerable version of netdde.exe exists
  • Win2K/XP/2003/Vista service pack 1 is installed
  • AND the version of netdde.exe is less than 5.1.2600.1567
  • AND NOT the patch KB841533 is installed
    • BACK