CVE-2004-0206

Exp

Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.

Published: 2004-11-03 Last update: 2026-04-16 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2004-0206 is rated High Exploit Risk (79/100): CVSS High severity, with high exploitation likelihood (EPSS 80.40%, 99th percentile). 2 public exploit reference(s) are indexed (Exploit-DB). Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2004-0206

EDB-ID Source Kind Published Link
16371 exploit_db edb 2010-07-03 Exploit-DB ↗
734 exploit_db edb 2004-12-31 Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2004-0206

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-10-23 81.05% 80.40% -0.65%
2 2025-10-01 80.40% 81.05% +0.65%
3 2025-03-30 80.40%

Full EPSS history (12 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2004-0206

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
7.5 2.0 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:P)
Partial availability impact.
 10.0 6.4 [email protected]

Weakness enumeration for CVE-2004-0206

Affected software / configurations for CVE-2004-0206

Vendor Product Version Raw CPE
microsoft windows_2000 cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
microsoft windows_2003_server r2 cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
microsoft windows_98 cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*
microsoft windows_nt 4.0 cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
microsoft windows_xp cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*

References for CVE-2004-0206

URL Tags
http://marc.info/?l=bugtraq&m=109786703930674&w=2
http://secunia.com/advisories/12803/
http://www.kb.cert.org/vuls/id/640488 Patch Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/11372
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-031
https://exchange.xforce.ibmcloud.com/vulnerabilities/16556
https://exchange.xforce.ibmcloud.com/vulnerabilities/17657
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1852
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2394
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3120
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3242
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4592
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5074
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6788
cvelogic Threat Intelligence