Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:2960 |
Message | NETBIOS SMB nddeapi andx bind attempt |
Summary | This event is generated when an attempt is made to exploit a known vulnerability in Microsoft Network Dynamic Data Exchange (NetDDE) services. |
Impact | Serious. Execution of arbitrary code with system level privileges |
Detailed Information | A vulnerability exists in Microsoft NetDDE that may allow an attacker to run code of their choosing with system level privileges. A programming error in the handling of network messages may give an attacker the opportunity to overflow a fixed length buffer by using a specially crafted NetDDE message. This service is not started by default on Microsoft Windows systems, but this issue can also be exploited locally in an attempt to escalate privileges after a successful attack from an alternate vector. |
Affected Systems | Microsoft Windows NT, 2000, 2003, XP, 98 and ME systems. |
Attack Scenarios | An attacker needs to craft a special NetDDE message in order to overflow the affected buffer. |
Ease of Attack | Simple. |
Corrective Action | Apply the appropriate vendor supplied patches Disable the NetDDE service. |
Additional References | Microsoft Security Bulletin MS04-031: http://www.microsoft.com/technet/security/bulletin/ms04-031.mspx |
Rule References | bugtraq: 11372 cve: 2004-0206 |
--
DID:181830
--
http://www.aanval.com/