[Dshield] 0 Day vulnerability in IIS and IE exploited

Stephane Grobety security at admin.fulgan.com
Fri Jun 25 05:36:38 GMT 2004

Hello everyone.

In the past days, an unknown group of criminals have started
exploiting a yet to be discovered 0-day exploit in Microsoft IIS window
to break into corporate web servers. Once in place, they add a page
footer on most pages served by the machine that contains a JAvascript
downloading a PHP file in Russia.

The PHP file exploits one or two previously unknown vulnerabilities in
IE to hack into clients connecting to the web server.

Details are still fuzzy at this moment, however there is a SANS report
up and you can find a discussion with an admin that has been hit on

SANS report:


Ars Technica thread:


Good luck,

More information about the list mailing list