[Dshield] 0-day exploit: Msdds.dll

Brance Amussen brance at jhu.edu
Fri Aug 19 02:58:21 GMT 2005


So, my first question would be, how much info does this MVP have, beyond explaining the trouble with vigilante consumer defense (who remembers Caveat emptor and all that these days?)..
And second, does he know the microsoft hasn't been informed?
I wonder if they will make a statement at all? You know someone in the know is monitoring this list, at the very least. I'd hate to think they weren't, but... um... maybe they don't think it worthwhile, or in their best PR interest?

<?xml version="1.0"?>
<shudder> to think </shudder> :)

(please for give the syntax joke, sometimes I just can't help it.. or maybe it's the beer...?)
 

Anyone else confirmed the vuln? I tried, but got no shell. I will say however that I just dropped it into the cgi-bin directory and hit it from another *fully patched* ;) XP machine with msdds.dll installed, nothing more, so it could have been me.. 

Brance :)_S



-----Original Message-----
From: list-bounces at lists.dshield.org on behalf of Chris Wright
Sent: Thu 8/18/2005 6:10 PM
To: 'General DShield Discussion List'
Subject: Re: [Dshield] 0-day exploit: Msdds.dll
 
 

> -----Original Message-----
> From: list-bounces at lists.dshield.org 
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Chris Wright
> Sent: Thursday, August 18, 2005 6:55 PM
> To: 'General DShield Discussion List'
> Subject: Re: [Dshield] 0-day exploit: Msdds.dll
> 
> > -----Original Message-----
> > From: list-bounces at lists.dshield.org
> > [mailto:list-bounces at lists.dshield.org] On Behalf Of J Lake
> > Sent: Thursday, August 18, 2005 1:04 PM
> > To: General DShield Discussion List
> > Subject: Re: [Dshield] 0-day exploit: Msdds.dll
> > 
> > On Thursday 18 August 2005 07:54 am, Orlando Richards wrote:
> > > I was unable to find the dll file on a "clean" XPSP2
> > installation with
> > > no additional applications installed.
> > >
> > > I did find it on a machine with a heap of applications installed 
> > > (including Office XP and .NET framework). It was in C:\Program 
> > > Files\Common Files\Microsoft Shared\MSDesigners7
> > 
> > I was unable to find the file on a XPSP2 with Office XP but no .NET 
> > framework, so it seems like it is .NET specific
> > 
> 
> A reply to a post on the MS Security Forum suggested to me 
> that it was installed along with VB and again mentioned Office 2003.
> 
> I'll dig it out later if there is any other info in it, or if 
> any more replies come back.
> 

This was posted to MS Technet by one of the MVP's in response to a request
from me for any info on the original report.

<quote>

The incident handler's diary at www.incidents.org had something on this on
Wednesday 8/17 I believe.  They were having trouble reproducing it.

Definitely releasing exploit code directly to the public without first
notifying the vendor makes things hard for customers.  Some argue that this
makes the vendor make a more secure product faster... but what happens is
the vendor spends time, effort and money running around for emergencies,
time and money that could have been spent improving security in other ways.

<\quote>

Regards

Chris


_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list





More information about the list mailing list