[Dshield] MS05-026 in the wild?

Paul Marsh pmarsh at nmefdn.org
Mon Jun 20 18:46:01 GMT 2005


 
I was just reading today's diary and noticed this, does anyone have any
details on this?

Thanx, Paul


MS05-026 exploits in the field
The first incident of my shift involved an active exploit of MS05-026. A
spam message was blasted out to potential "customers," including the
link to the poisoned website. It leveraged the MS05-026
(http://www.microsoft.com/technet/security/bulletin/MS05-026.mspx) HTML
Help remote code execution vulnerability to install a Haxdoor variant on
the visitor. 




More information about the list mailing list