[Dshield] 0 Day vulnerability in IIS and IE exploited
security at admin.fulgan.com
Fri Jun 25 05:36:38 GMT 2004
In the past days, an unknown group of criminals have started
exploiting a yet to be discovered 0-day exploit in Microsoft IIS window
to break into corporate web servers. Once in place, they add a page
downloading a PHP file in Russia.
The PHP file exploits one or two previously unknown vulnerabilities in
IE to hack into clients connecting to the web server.
Details are still fuzzy at this moment, however there is a SANS report
up and you can find a discussion with an admin that has been hit on
Ars Technica thread:
More information about the list