[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] re: First Report : New Blaster?

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] re: First Report : New Blaster?
From: "Willem Koenings" <isec@xxxxxxxxxx>
Date: Fri, 23 Apr 2004 08:15:21 -0500

> Heya folks. Can I claim possible new Blaster type execution on Windows XP
> SP2 (Buid v. 2096)? Nothing reported by major vendors, but ... 

I don't think so. Beside MS04-007 ASN.1 Remote DoS Exploit, there is
worm called Sepuc. It uses multistage infection method via IE/chm
and injects two dll files to lsass process space thus causing lsass
to crash.

W.


-- 
___________________________________________________________
Sign-up for Ads Free at Mail.com
http://promo.mail.com/adsfreejump.htm

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] re: First Report : New Blaster?
  - From: Joe Stewart

Prev by Date: Re: [Full-Disclosure] Linux kernel exploits
Next by Date: [Full-Disclosure] Re: [VulnWatch] TCP Reset Attacks: Paper and Code Now Availble
Previous by thread: [Full-Disclosure] Perl code exploiting TCP window vuln.
Next by thread: Re: [Full-Disclosure] re: First Report : New Blaster?
Index(es):
- Date
- Thread