[Dshield] scans for MSADC bug?

Ed Truitt ed.truitt at etee2k.net
Wed Nov 27 13:04:51 GMT 2002

Looks as if someone is seeking an OWA (Outlook Web Access) server.  From
what I hear, unpatched versions of those do have several vulnerabilities.

Ed Truitt
PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9

"Note to spammers:  my 'delete' key is connected to YOUR ISP.
 Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."

----- Original Message -----
From: "Tom Liston" <tliston at premmag.com>
To: <list at dshield.org>
Sent: Tuesday, November 26, 2002 3:06 PM
Subject: Re: [Dshield] scans for MSADC bug?

> I grepped log files looking for request from something trying to play
> with .dll files, and came across a bunch of these.
> Since I don't run IIS, this isn't a problem, but I was wondering if
> anyone had seen anything like it
> - - [19/Nov/2002:03:04:12 -0600] "GET
> /_vti_bin/owssvr.dll?UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0
> HTTP/1.1" 404 301 "-" "Mozilla/4.0 (compatible; MSIE 6.0;
> Windows NT 5.1)"
> -TL
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:

More information about the list mailing list