[Dshield] nsiislog.dll probe

rushing@jorsm.com rushing at jorsm.com
Mon Oct 20 18:29:31 GMT 2003


Going through my Apache logs for anomalous events and I see a request for
nsiislog.dll last Tuesday from 80.178.68.4.  It appears that 80.178.68.4
is in an Israeli DSL netblock.

A little Google searching turned up

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-022.asp

and

http://www.securityfocus.com/bid/8035/info/

Which describe a buffer overflow announced in late June 2003.  At that
time, the description said there was no known working exploit in the wild
but that it was exploitable.

Perhaps someone is seeing how widespread it is before bothering to write
exploit code?






More information about the list mailing list