On Thu, Jun 16, 2005 at 10:49:04AM -0400, wglulham@xxxxxxx wrote: > Is anyone aware of a currently popular worm that uses the Front Page > Server Extensions buffer vulnerability (Bulletin No. MS03-051)? > In the spirit of full disclosure here is the source code for it: http://packetstorm.linuxsecurity.com/0311-exploits/fp30reg.c > I'm sure you'd notice it reading your httpd logs, as it's a rather long > string of garbage. Also of note is the attempted execution of a file > called fp30reg.dll I'm definetly seeing it in my logs. > > Anyone? Is it a worm, or just a lot of DeVree look-alikes? > I'd respond to that but I think I validated this by linking to the source code in this email. -- Jon "Donkeys live a long time. None of you has ever seen a dead donkey." -- Old Benjamin
Attachment:
signature.asc
Description: Digital signature