[Dshield] Microsoft ASN.1

Johannes B. Ullrich jullrich at sans.org
Sat Feb 14 03:51:51 GMT 2004


On Fri, 2004-02-13 at 22:18, Velis, Alain wrote:
> Symantec states that W32.Welchia.B.Worm targets IIS 5 - vulnerable to
> MS04-007

Welchia.B uses the WebDav exploit against IIS (MS03-007). This is
the same exploit used by Welchia-A. You will see the 'SEARCH'
request in your web access log.

In addition to the RPC (MS03-026) and WebDav (MS03-007) exploit,
Welchia B exploit the workstation service overflow (MS03-049) and
locator service vulnerability (MS03-001).



> 
> Symantec upgraded this worm to cat. 3
> 
> AV
> 
> -----Original Message-----
> From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
> Of john beck
> Sent: Friday, February 13, 2004 4:25 PM
> To: list at dshield.org
> Subject: Re: [Dshield] Microsoft ASN.1
> 
> Any reports of exploits in the wild for this vulnerability yet (MS04-007)?
> Worms, scripts, etc?
> 
> TIA
> John
> 
> _________________________________________________________________
> Get some great ideas here for your sweetheart on Valentine's Day - and 
> beyond. http://special.msn.com/network/celebrateromance.armx
> 
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
> 
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
-- 
CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 837 2807                          jullrich at sans.org 

contact details: http://johannes.homepc.org/contact.htm




More information about the list mailing list