MS04-031: Vulnerability NetDDE Could Allow Code Execution (841533) (uncredentialed check)

Critical Nessus Plugin ID 15572


Arbitrary code can be executed on the remote host.


The remote version of Windows is affected by a vulnerability in Network Dynamic Data Exchange (NetDDE).

An attacker may exploit this flaw to execute arbitrary code on the remote host with the SYSTEM privileges.


Microsoft has released patches for Windows NT, 2000, XP, and 2003.

See Also

Plugin Details

Severity: Critical

ID: 15572

File Name: netdde.nasl

Version: $Revision: 1.29 $

Type: remote

Agent: windows

Family: Windows

Published: 2004/10/27

Modified: 2017/08/30

Dependencies: 10150

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows_2000, cpe:/o:microsoft:windows_2003, cpe:/o:microsoft:windows_98, cpe:/o:microsoft:windows_nt, cpe:/o:microsoft:windows_xp

Required KB Items: SMB/name

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2004/10/12

Exploitable With


Metasploit (MS04-031 Microsoft NetDDE Service Overflow)

Reference Information

CVE: CVE-2004-0206

BID: 11372

OSVDB: 10689

MSFT: MS04-031

MSKB: 841533