[Dshield] CA eTrust TARGET Advisory - Monitoring New"Attack"Activity
thor at pivx.com
Thu Oct 2 02:21:46 GMT 2003
> From: Rick Klinge [mailto:rick at jaray.net]
> I don't know for sure .. but windows users might
> want to disable the remote registry services.
> I can't see how visiting a web site, with a
> patched Microsoft system, would 'still' allow the
> execution/exploit to alter the clients host file.
> Could it be there is an exploit with the
> remote registry service?
This has nothing to do with the remote registry services or Client DNS
Service, it's also not a new exploit and it works just fine on a fully
patched Microsoft system. The vulnerability that is being exploited is
the Object Data variation, one of 31 publicly known unpatched
vulnerabilities in Internet Explorer.
Microsoft is re-releasing MS03-032 to fix this variation, my estimate is
you will see the patch either today (Wednesday, not likely given the
late hour) or next Wednesday (more likely).
PivX Solutions, LLC - Senior Security Researcher
http://www.pivx.com/larholm/unpatched - Unpatched IE vulnerabilities
More information about the list