Security Incidents mailing list archives
RE: new IIS exploit?
From: "David LeBlanc" <dleblanc () Exchange Microsoft com>
Date: Fri, 6 Feb 2004 19:47:38 -0800
It is either the .printer exploit, or a scan for possibly vulnerable systems. If you sent just a GET for /NULL.printer and got back a certain error response, you'd know that the .printer handler was enabled. You could then proceed with the rest of the exploit. If that's all you're getting, someone is probing for vulnerable systems. If you see that followed by "Host:[bunch of padding and shell code]", then it is the exploit. -----Original Message----- From: Sarbjit Singh Gill [mailto:ssgill () gilltechnologies com] Sent: Monday, February 02, 2004 5:13 PM To: jamie () nucdc org; incidents () securityfocus com Subject: RE: new IIS exploit? It looks like an old exploit as well. I could be wrong. It was the Internet Printing ISAPI extension exploit on IIS5. Here is the article. http://support.microsoft.com/default.aspx?scid=kb;en-us;296576 /Gill -----Original Message----- From: Jamie Pratt [mailto:jamie () nucdc org] Sent: Saturday, January 31, 2004 1:18 AM To: Subject: Re: new IIS exploit? havent seen that one myself, but here is one i just found that I havent seen either...: /<Rejected-By-UrlScan> ~/NULL.printer 404 regards, jamie ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.astaro.com/php/contact/securityfocus.php ----------------------------------------------------------------------------
Current thread:
- Re: new IIS exploit? Russell J. Lahti (Feb 02)
- <Possible follow-ups>
- RE: new IIS exploit? Alan Melia (Melmac) (Feb 02)
- Re: new IIS exploit? Jamie Pratt (Feb 02)
- RE: new IIS exploit? Sarbjit Singh Gill (Feb 03)
- RE: new IIS exploit? David LeBlanc (Feb 10)