Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: DCOM Exploit MS03-026 attack vectors

From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Fri, 01 Aug 2003 22:44:07 +1200
"Paul Tinsley" <pdt () jackhammer org> wrote:


Microsoft owns up to the exploit being usable on 135, 139 and 445, I have
heard rumors of port 80 being vulnerable as well.  ...


Brad Bemis is right -- other ports (and not just port 80) associated 
with IIS _if_  COM Internet Services is enabled are also exploitable.


...  I was curious as to
whether anyone had seen anything using a port other than 135?  ...


Look for messages by Todd Sabin in Bugtraq and/or NTBugtraq and/or 
VulnWatch and/or Full-Disclosure for more details.


...  Everything I
have seen discussed here and elsewhere has been 135 specific.


Well, it is the most widely supported default interface that is 
vulnerable.  It would be a very unusual machine that is vulnerable on 
some other port and _NOT_ on 135, so what is the payoff for writing an 
exploit (at least a "prrof of concept") that tries other ports?


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: