[Dshield] CA eTrust TARGET Advisory - Monitoring New "Attack" Activity

Thor Larholm thor at pivx.com
Thu Oct 2 02:21:46 GMT 2003

> From: Rick Klinge [mailto:rick at jaray.net] 
> I don't know for sure... but Windows users might 
> want to disable the remote registry services. 
> I can't see how visiting a web site, with a 
> patched Microsoft system, would 'still' allow the 
> execution/exploit to alter the clients host file. 
> Could it be there is an exploit with the 
> remote registry service?

This has nothing to do with the remote registry services or Client DNS
Service. It's also not a new exploit, and it works just fine on a fully
patched Microsoft system. The vulnerability that is being exploited is
the Object Data variation, one of 31 publicly known unpatched
vulnerabilities in Internet Explorer.

Microsoft is re-releasing MS03-032 to fix this variation; my estimate is
you will see the patch either today (Wednesday, not likely given the
late hour) or next Wednesday (more likely).

Thor Larholm
PivX Solutions, LLC - Senior Security Researcher
http://www.pivx.com/larholm/unpatched - Unpatched IE vulnerabilities
