Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re: Bad news on RPC DCOM vulnerability

From: "V.O." <vosipov () tpg com au>
Date: Sat, 11 Oct 2003 11:37:15 +1000
Yeah, but the original poster 3APA3A withheld the actual exploit, which is
available on that site.

----- Original Message ----- 
From: "Vladimir Parkhaev" <vladimir () arobas net>


Funny enough, it is a russian translatiion of the original message you
replying to:



----- Original Message ----- 
From: "3APA3A" <3APA3A () SECURITY NNOV RU>
To: <bugtraq () securityfocus com>; <full-disclosure () lists netsys com>;
<NTBUGTRAQ () LISTSERV NTBUGTRAQ COM>
Cc: <Secure () microsoft com>
Sent: Friday, October 10, 2003 6:48 PM
Subject: Bad news on RPC DCOM vulnerability



Dear bugtraq () securityfocus com,

There are few bad news on RPC DCOM vulnerability:

1.  Universal  exploit  for  MS03-039  exists in-the-wild, PINK FLOYD

is

again actual.
2.  It  was  reported  by exploit author (and confirmed), Windows XP

SP1

with  all  security  fixes  installed still vulnerable to variant of

the

same bug. Windows 2000/2003 was not tested. For a while only DoS

exploit

exists,  but  code execution is probably possible. Technical details

are

sent to Microsoft, waiting for confirmation.

Dear  ISPs.  Please  instruct  you customers to use personal fireWALL

in

Windows XP.

-- 
http://www.security.nnov.ru
         /\_/\
        { , . }     |\
+--oQQo->{ ^ }<-----+ \
|  ZARAZA  U  3APA3A   }
+-------------o66o--+ /
                    |/
You know my name - look up my number (The Beatles)








_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: