[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] New REmote Windows Exploit (MS04-029)

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] New REmote Windows Exploit (MS04-029)
From: Michael Riedel <mike@xxxxxxxxxxxxxx>
Date: Thu, 04 Nov 2004 11:07:47 -0500

Ok so I was dumb enough to run it. Anyone else catch what commands they run/ know of a way to track. I really don't feel like re-compiling gentoo.

-mike

Vincent Archer wrote:

On Thu, Nov 04, 2004 at 02:32:33PM +0100, Ferdinand Klinzer wrote:

It´s a simple perl script...

and i don´t think you can call it an remote exploit?

It's more subtle than you think.
The "exploit" is supposed to try to open a cmd tool on 31337 (eleet) on
a target Windows. It fails; the window system is secure... but meanwhile,
there's a perl IRC bot running in the background of *your* system.
It's not a remote exploit, it's a trojan targeting the readers of this
list.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] New REmote Windows Exploit (MS04-029)
  - From: Valdis . Kletnieks

References:
- RE: [Full-Disclosure] New REmote Windows Exploit (MS04-029)
  - From: Rich Parsons
- RE: [Full-Disclosure] New REmote Windows Exploit (MS04-029)
  - From: raza
- Re: [Full-Disclosure] New REmote Windows Exploit (MS04-029)
  - From: DanB UK
- Re: [Full-Disclosure] New REmote Windows Exploit (MS04-029)
  - From: Ferdinand Klinzer
- Re: [Full-Disclosure] New REmote Windows Exploit (MS04-029)
  - From: Vincent Archer

Prev by Date: Re: [Full-Disclosure] New Remote Windows Exploit (MS04-029)
Next by Date: [Full-Disclosure] Cross-Site-Scripting Vulnerability in Microsoft.com
Previous by thread: Re: [Full-Disclosure] New REmote Windows Exploit (MS04-029)
Next by thread: Re: [Full-Disclosure] New REmote Windows Exploit (MS04-029)
Index(es):
- Date
- Thread