[Dshield] Well, there they are -- exploits for latest Microsoft vu lnerabilities

David Taylor ltr at isc.upenn.edu
Fri Oct 14 01:31:11 GMT 2005


I haven't heard about it being in the wild yet.  Canvas has a module but
that software costs around $25,000 so not sure I would call that in the
wild.  I figure it is only a matter of time before Metasploit has their
module and we all know where it goes from there.  :)


==================================================
David Taylor //Sr. Information Security Specialist
University of Pennsylvania Information Security 
Philadelphia PA USA
(215) 898-1236
http://www.upenn.edu/computing/security/
================================================== 

SANS - The Twenty Most Critical Internet Security Vulnerabilities 
http://www.sans.org/top20/

SANS - Internet Storm Center
http://isc.sans.org

irc.freenode.net #dshielders
http://freenode.net/



-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Fergie (Paul Ferguson)
Sent: Thursday, October 13, 2005 9:18 PM
To: list at lists.dshield.org
Subject: Re: [Dshield] Well,there they are -- exploits for latest Microsoft
vu lnerabilities


Actually, I think the more likely vetor will be the MS05-051
exploit, but I figured everyone had already haeard about that
being in the wild. :-)

- ferg


-- Jim McCullough <jim.mccullough at gmail.com> wrote:

Batten down the hatches, bolt the doors, grab the hip wadders. I got a gut
feeling we are going to need them this weekend. From what I see, we will see
worms at the latest by Monday morning.

On 10/13/05, Fergie (Paul Ferguson) <fergdawg at netzero.net> wrote:
>
> Microsoft Windows FTP Client File Transfer Location Tampering Exploit
> (MS05-044)
> http://www.frsirt.com/exploits/20051013.ms05-044.c.php
>
> Microsoft Windows Network Connection Manager Local DoS Exploit (MS05-045)
> http://www.frsirt.com/exploits/20051013.ms05-045.c.php
>
> Microsoft Collaboration Data Objects Buffer Overflow PoC Exploit
> (MS05-048)
> http://www.frsirt.com/exploits/20051013.ms05-048.c.php
>
> Only the MS05-048 is considered to be "high risk", but word to
> the wise...
>
> - ferg
>
>
> --
> "Fergie", a.k.a. Paul Ferguson
> Engineering Architecture for the Internet
> fergdawg at netzero.net or fergdawg at sbcglobal.net
> ferg's tech blog: http://fergdawg.blogspot.com/
>


--
Jim McCullough



_________________________________________
Using .Net? Need to know more about .Net Security?
http://isc.sans.org/banner_count.php?dest=dotnet

_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list