Handler on Duty: Johannes Ullrich
Threat Level: green
Loading...
|
|
Submitted By | Date |
---|---|
Comment | |
Nick FitzGerald | 2005-09-13 02:06:58 |
Spike 31 Aug thru early September 2005 probably due to remotely exploitable login username buffer overflow in DameWare Mini Remote Control Client Agent Service (dwrcs.exe): http://www.frsirt.com/english/advisories/2005/1596 Reported to affect 4.0 thru, but not including, 4.9.0. Various versions of this agent are often surreptitiously installed by malware as a backdoor, so random scanning may turn up more installations than might otherwise be expected. | |
ChrisA | 2004-04-28 00:21:35 |
There is at least one known buffer overflow vulnerablity in versions prior to 3.73. This vulnerablity may permit an unauthenticated attacker from executing code on your system. | |
Jerry Davis | 2004-01-03 07:35:13 |
I have also seen quite a few successful entries via this port from dameware mini r/c. It also seems to be connected to slim FTP that shows up at the same time of infection. | |
Andreas | 2003-12-22 23:18:25 |
Probably related to http://www.securiteam.com/windowsntfocus/6N00B1P95I.html and/or http://www.k-otik.com/exploits/08.13.nfm-shatterdame.c.php. I've seen multiple successful intrusions via this service today. | |
Davis Ray Sickmon, Jr | 2003-12-22 07:41:30 |
Normally associated with DameWare and DameWare mini-RC, a remote control agent. |
CVE # | Description |
---|