[Snort-sigs] Signature Definition #1023, 15 of 20

Esler, Joel Contractor EslerJ at ...785...
Mon Jun 9 09:21:10 EDT 2003

 Rule: -- WEB-IIS msadcs.dll access 
 Sid: -- 1023
 Summary: -- This string detects "/msadcs.dll" in traffic in flow to
webservers defined.  
 Impact: -- Unpatched vulnerabilities in older versions of Microsoft IIS can
lead to admin access to the webserver
 Detailed Information: -- Any older vulnerabilities found in Microsoft IIS
can be exploited via a buffer overflow using this file.  This Signature
detects the request for this file in attack strings.
 Affected Systems: -- Any that have the software installed
 Attack Scenarios: -- Slim to Dangerous
 Ease of Attack: -- Moderate
 False Positives: -- Unknown
 False Negatives: -- Unknown
 Corrective Action: -- Patch vulnerable servers and block unauthroized
access to webpages at the router.  Proxy all webpages.
 Contributors: -- Joel Esler
 Additional References: bugtraq,529; cve,CVE-1999-1011


More information about the Snort-sigs mailing list