http://www.smh.com.au/news/breaking/more-worms-likely-expert/2005/08/19/1123958226299.html By Sam Varghese August 19, 2005 More worms could be in the works to exploit unpatched vulnerabilities in Microsoft's products, a US security professional says. Marc Maiffret, chief hacking officer of eEye Digital Security, said two critical flaws, among eight discovered by the company [1], could be exploited by worms. The details of all eight have been posted on the company's website. Maiffret would not specify which of the eight were open to remote exploits. "Two of them are remotely exploitable and they are also both on the magnitude of the PNP vulnerability," Maiffret said, referring to the flaw in Microsoft Windows which was exploited by the Zotob worm and numerous other variants over the past week. "But you never know with worms, (it) really just depends if there is someone that cares to write one." eEye follows a policy of releasing limited information about a vulnerability publicly while sending full details to the vendor. Although the company considers 60 days sufficient time to fix any flaw, it discloses full details of a bug only after the vendor has released a fix. Full details of the eight vulnerabilities in Microsoft products have been sent to the vendor, one as long as four months ago. Two vulnerabilities in the Real Audio player and one in Macromedia's products have also been listed. eEye first shot to prominence in 2001 when it discovered a vulnerability in Microsoft's IIS web server which was later exploited by a worm named Code Red, causing major problems on the internet. [1] http://www.eeye.com/html/research/upcoming/index.html _________________________________________ Attend ToorCon Sept 16-18th, 2005 Convention Center San Diego, California www.toorcon.org
This archive was generated by hypermail 2.1.3 : Mon Aug 22 2005 - 01:37:23 PDT