[Dshield] 0-day exploit: Msdds.dll

Chris Wright dshield at yaps4u.net
Thu Aug 18 22:10:38 GMT 2005


 

> -----Original Message-----
> From: list-bounces at lists.dshield.org 
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Chris Wright
> Sent: Thursday, August 18, 2005 6:55 PM
> To: 'General DShield Discussion List'
> Subject: Re: [Dshield] 0-day exploit: Msdds.dll
> 
> > -----Original Message-----
> > From: list-bounces at lists.dshield.org
> > [mailto:list-bounces at lists.dshield.org] On Behalf Of J Lake
> > Sent: Thursday, August 18, 2005 1:04 PM
> > To: General DShield Discussion List
> > Subject: Re: [Dshield] 0-day exploit: Msdds.dll
> > 
> > On Thursday 18 August 2005 07:54 am, Orlando Richards wrote:
> > > I was unable to find the dll file on a "clean" XPSP2
> > installation with
> > > no additional applications installed.
> > >
> > > I did find it on a machine with a heap of applications installed 
> > > (including Office XP and .NET framework). It was in C:\Program 
> > > Files\Common Files\Microsoft Shared\MSDesigners7
> > 
> > I was unable to find the file on a XPSP2 with Office XP but no .NET 
> > framework, so it seems like it is .NET specific
> > 
> 
> A reply to a post on the MS Security Forum suggested to me 
> that it was installed along with VB and again mentioned Office 2003.
> 
> I'll dig it out later if there is any other info in it, or if 
> any more replies come back.
> 

This was posted to MS Technet by one of the MVP's in response to a request
from me for any info on the original report.

<quote>

The incident handler's diary at www.incidents.org had something on this on
Wednesday 8/17 I believe.  They were having trouble reproducing it.

Definitely releasing exploit code directly to the public without first
notifying the vendor makes things hard for customers.  Some argue that this
makes the vendor make a more secure product faster... but what happens is
the vendor spends time, effort and money running around for emergencies,
time and money that could have been spent improving security in other ways.

<\quote>

Regards

Chris



More information about the list mailing list