[Dshield] Security Alert: Remote Vulnerability in Internet Explorer via DCOM

Kenneth Porter shiva at sewingwitch.com
Mon Jul 8 12:14:52 GMT 2002


On Fri, 2002-07-05 at 05:58, John Sage wrote:

> I believe the point is, as has been often stated, that many many
> people use a password such as "password" or their last name, or
> somesuch...
> 
> Given that generally most people's passwords are very insecure, and,
> say, a staff directory, you'd be into many corporate computer systems,
> right quick.

So the implication is that anyone with your login password can snoop on
your DCOM sessions, particularly your IE traffic. Even if it uses HTTPS.

Anyone know the characteristics of DCOM traffic? Does it use specific
ports? Or is it a portmapper/RPC thing with dynamic ports?

Fortunately, I use Opera, and fall back to IE only for some brain-dead
sites that think IE is the only browser out there.




More information about the list mailing list