Security Incidents mailing list archives

Re: IE/WMP Exploit

From: Axel Pettinger <api () epost de>
Date: Tue, 15 Jun 2004 16:54:33 +0200

Carlos Kramer wrote:


I saw the 180solutions.com analysis and the stuff I've seen appears to 
be different and use a different exploit - maybe just a variation on a 
theme? But it overwrites wmplayer.exe and seems to use a WMP exploit 
as well as IE exploits.

It comprimises a fully patched Windows 2000, IE6, WMP7 machine.


Out of curiosity ... Is MS04-013 installed on your machine?

What you've seen looks like the Adodb.Stream and ms-its problem.

Regards,
Axel Pettinger

---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security

Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.

Download your free trial at
http://www.securityfocus.com/sponsor/Astaro_incidents_040614
----------------------------------------------------------------------------

Current thread:

IE/WMP Exploit Carlos Kramer (Jun 15)
- Re: IE/WMP Exploit Axel Pettinger (Jun 15)
- <Possible follow-ups>
- Re: IE/WMP Exploit caldcv (Jun 15)
  - Re: IE/WMP Exploit Axel Pettinger (Jun 16)
- Re: IE/WMP Exploit Carlos Kramer (Jun 16)
  - Re: IE/WMP Exploit Axel Pettinger (Jun 16)