'[Full-Disclosure] DCOM Exploit MS03-026 attack vectors'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    [Full-Disclosure] DCOM Exploit MS03-026 attack vectors
From:       "Paul Tinsley" <pdt () jackhammer ! org>
Date:       2003-07-31 3:38:26
[Download RAW message or body]

Microsoft owns up to the exploit being usable on 135, 139 and 445, I have
heard rumors of port 80 being vulnerable as well.  I was curious as to
whether anyone had seen anything using a port other than 135?  Everything I
have seen discussed here and elsewhere has been 135 specific.

 

Thanks,

Paul Tinsley

Email:   <pdt@jackhammer.org>

Web:     http://www.jackhammer.org

Phone:   +1 615 973-5353

Pager:   +1 615 960-7766

Mail:    2228 Spartan Ct.

         Murfreesboro, TN 37128-5395

 


[Attachment #3 (text/html)]

<html xmlns:o="urn:schemas-microsoft-com:office:office" \
xmlns:w="urn:schemas-microsoft-com:office:word" \
xmlns:st1="urn:schemas-microsoft-com:office:smarttags" xmlns="http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
 name="PostalCode"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
 name="State"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
 name="City"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
 name="place"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
 name="Street"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
 name="address"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
 /* Font Definitions */
 @font-face
	{font-family:Tahoma;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:12.0pt;
	font-family:"Times New Roman";}
a:link, span.MsoHyperlink
	{color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{color:purple;
	text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:10.0pt;
	font-family:"Courier New";}
span.EmailStyle18
	{mso-style-type:personal-compose;
	font-family:Arial;
	color:windowtext;}
@page Section1
	{size:8.5in 11.0in;
	margin:1.0in 1.25in 1.0in 1.25in;
	mso-footer-margin:.5in;}
div.Section1
	{page:Section1;}
-->
</style>

</head>

<body lang=EN-US link=blue vlink=purple>

<div class=Section1>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Microsoft owns up to the exploit being usable on 135, 139
and 445, I have heard rumors of port 80 being vulnerable as well.&nbsp; I was
curious as to whether anyone had seen anything using a port other than
135?&nbsp; Everything I have seen discussed here and elsewhere has been 135
specific.<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Thanks,<o:p></o:p></span></font></p>

<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Paul Tinsley<o:p></o:p></span></font></p>

<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Email:&nbsp;&nbsp; &lt;pdt@jackhammer.org&gt;<o:p></o:p></span></font></p>

<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Web:&nbsp;&nbsp;&nbsp;&nbsp; http://www.jackhammer.org<o:p></o:p></span></font></p>

<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Phone:&nbsp;&nbsp; +1 615 973-5353<o:p></o:p></span></font></p>

<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Pager:&nbsp;&nbsp; +1 615 960-7766<o:p></o:p></span></font></p>

<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Mail:&nbsp;&nbsp;&nbsp; <st1:Street w:st="on"><st1:address w:st="on">2228
  Spartan Ct.</st1:address></st1:Street><o:p></o:p></span></font></p>

<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <st1:place w:st="on"><st1:City
 w:st="on">Murfreesboro</st1:City>, <st1:State w:st="on">TN</st1:State> <st1:PostalCode
 w:st="on">37128-5395</st1:PostalCode></st1:place><o:p></o:p></span></font></p>

<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p>&nbsp;</o:p></span></font></p>

</div>

</body>

</html>


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic