[Dshield] scans for MSADC bug?

Ed Truitt ed.truitt at etee2k.net
Wed Nov 27 13:04:51 GMT 2002


Looks as if someone is seeking an OWA (Outlook Web Access) server.  From
what I hear, unpatched versions of those do have several vulnerabilities.

Cheers,
Ed Truitt
PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9
http://www.etee2k.net
http://www.bsatroop148.org

"Note to spammers:  my 'delete' key is connected to YOUR ISP.
 Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."

----- Original Message -----
From: "Tom Liston" <tliston at premmag.com>
To: <list at dshield.org>
Sent: Tuesday, November 26, 2002 3:06 PM
Subject: Re: [Dshield] scans for MSADC bug?


> I grepped log files looking for request from something trying to play
> with .dll files, and came across a bunch of these.
>
> Since I don't run IIS, this isn't a problem, but I was wondering if
> anyone had seen anything like it
>
> 213.132.58.13 - - [19/Nov/2002:03:04:12 -0600] "GET
> /_vti_bin/owssvr.dll?UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0
> HTTP/1.1" 404 301 "-" "Mozilla/4.0 (compatible; MSIE 6.0;
> Windows NT 5.1)"
>
> -TL
>
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
>




More information about the list mailing list