Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: Netsky.P Triggered, MSVC++ Constructed ISAPI Applications DoS - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Netsky.P Triggered, MSVC++ Constructed ISAPI Applications DoS
Netsky.P Triggered

-------------------------------------------------------------------



One of the lastest Netsky variants, Netsky.P, triggered and began mass mailing infected messages on March 24th between 1500 and 1800 GMT (assuming that the infected machine's clock is set correctly). Message Labs is reporting that it had intercepted over 200,000 messages as of midnight GMT.



More info:



http://www.messagelabs.com/viruseye/info/netskyp.asp





MSVC++ Constructed ISAPI Applications DoS

-------------------------------------------------------------------



Secunia is reporting that all applications constructed with Microsoft Visual C++ and MFC (Microsoft Foundation Classes) that use ISAPI (Internet Server Application Programming Interface) extensions may be vulnerable to DoS attacks.



The issue affects both Microsoft Visual C++ 6.0 and Microsoft Visual Studio 6.0 prior to Service Pack 6. Under heavy loads, applications compiled with the ISAPI extensions may produce invalid results when processing POST data, possibly resulting in access violations.



Recompiling applications after installing Service Pack 6 will fix the problem.



More info:



http://secunia.com/advisories/11199/





-------------------------------------------------------------------

Handler on duty: Tom Liston - < http://www.labreatechnologies.com >
Tom

160 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!