[Dshield] 0 Day vulnerability in IIS and IE exploited

Stephane Grobety security at admin.fulgan.com
Fri Jun 25 05:36:38 GMT 2004


Hello everyone.

In the past days, an unknown group of criminals have started
exploiting a yet to be discovered 0-day exploit in Microsoft IIS window
to break into corporate web servers. Once in place, they add a page
footer on most pages served by the machine that contains a JavaScript
downloading a PHP file in Russia.

The PHP file exploits one or two previously unknown vulnerabilities in
IE to hack into clients connecting to the web server.

Details are still fuzzy at this moment, however there is a SANS report
up and you can find a discussion with an admin that has been hit on
ArsTechnica.

SANS report:

http://isc.incidents.org/diary.php?date=2004-06-24&isc=ab464ebd9b88be7bbd95c6b2adba5f54


Ars Technica thread:

http://episteme.arstechnica.com/eve/ubb.x?a=tpc&s=50009562&f=12009443&m=186001384631

Good luck,
Stephane



