[Dshield] 0-day exploit: Msdds.dll

Chris Wright dshield at yaps4u.net
Fri Aug 19 10:05:25 GMT 2005


 

> -----Original Message-----
> From: list-bounces at lists.dshield.org 
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Chris Wright
> Sent: Thursday, August 18, 2005 11:11 PM
> To: 'General DShield Discussion List'
> Subject: Re: [Dshield] 0-day exploit: Msdds.dll
> 
>  
> 
> > -----Original Message-----
> > From: list-bounces at lists.dshield.org
> > [mailto:list-bounces at lists.dshield.org] On Behalf Of Chris Wright
> > Sent: Thursday, August 18, 2005 6:55 PM
> > To: 'General DShield Discussion List'
> > Subject: Re: [Dshield] 0-day exploit: Msdds.dll
> > 
> > > -----Original Message-----
> > > From: list-bounces at lists.dshield.org 
> > > [mailto:list-bounces at lists.dshield.org] On Behalf Of J Lake
> > > Sent: Thursday, August 18, 2005 1:04 PM
> > > To: General DShield Discussion List
> > > Subject: Re: [Dshield] 0-day exploit: Msdds.dll
> > > 
> > > On Thursday 18 August 2005 07:54 am, Orlando Richards wrote:
> > > > I was unable to find the dll file on a "clean" XPSP2
> > > installation with
> > > > no additional applications installed.
> > > >
> > > > I did find it on a machine with a heap of applications 
> installed 
> > > > (including Office XP and .NET framework). It was in C:\Program 
> > > > Files\Common Files\Microsoft Shared\MSDesigners7
> > > 
> > > I was unable to find the file on a XPSP2 with Office XP 
> but no .NET 
> > > framework, so it seems like it is .NET specific
> > > 
> > 
> > A reply to a post on the MS Security Forum suggested to me 
> that it was 
> > installed along with VB and again mentioned Office 2003.
> > 
> > I'll dig it out later if there is any other info in it, or 
> if any more 
> > replies come back.
> > 
> 
> This was posted to MS Technet by one of the MVP's in response 
> to a request from me for any info on the original report.
> 
> <quote>
> 
> The incident handler's diary at www.incidents.org had 
> something on this on Wednesday 8/17 I believe.  They were 
> having trouble reproducing it.
> 
> Definitely releasing exploit code directly to the public 
> without first notifying the vendor makes things hard for 
> customers.  Some argue that this makes the vendor make a more 
> secure product faster... but what happens is the vendor 
> spends time, effort and money running around for emergencies, 
> time and money that could have been spent improving security 
> in other ways.
> 
> <\quote>
> 

Aha..Some noise from MS...

It seems that they have found that it may cause IE to exit unexpectedly.
Also that they know of no known exploit, but thanks to our friends who first
reported the problem, the tool is out there to go and create one.


<quote>
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: August 18, 2005
********************************************************************

Security Advisories Updated or Released Today
==============================================

* Security Advisory (906267) 

  - Title:    A COM Object (Msdds.dll) Could Cause 
              Internet Explorer to Unexpectedly Exit


  - Reason For Update: Advisory published

  - Advisory Web site: http://go.microsoft.com/fwlink/?LinkId=51466

</quote>



Regards

Chris
--

Chris Wright
http://www.yaps4u.net
http://www.cwic-solutions.co.uk
 



More information about the list mailing list