RE: IIS5 .idq exploit

["Marc Maiffret" <marc () eeye com>]

SANS is a bit behind the curve if they have just announced this today as
this has been around for a few weeks now. First on some geocities website,
then on packetstorm, then finally on the win2ksec mailing list (and a few
others).

As a side note... a few people have confused the .ida worm with hsj's
exploit... hsj's exploit is _not_ a worm. Just wanted to clear that up for
the handful of people I have seen misreporting things.

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities

|-----Original Message-----
|From: Jason Staples - CNW [mailto:ellis () cnw com]
|Sent: Wednesday, July 18, 2001 6:14 PM
|To: bugtraq () securityfocus com
|Subject: IIS5 .idq exploit
|
|
|
|SANS accounced its availability today, and after spending a bit of time
|searching, I finally found the new IIS5 exploit.
|
|http://www.geocities.co.jp/MotorCity/5319/iis5idq_exp.txt
|
|Regards,
|Jason
|
|+--------------------------------------+----------------------------+
|| Jason Staples          jason () cnw com | /"\                        |
|| Network Engineer    Security Analyst | \ /  ASCII Ribbon Campaign |
||                                      |  X    Against  HTML E-Mail |
|| Connect Northwest Internet Services. | / \    <!-- <HTML> -->     |
|+--------------------------------------+----------------------------+
|