Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Possibly a stupid question RPC over HTTP
From: Barry Fitzgerald <bkfsec () sdf lonestar org>
Date: Wed, 13 Oct 2004 15:42:07 -0400

Daniel H. Renner wrote:


Could you please point out where you read this data?  I would like to
see this one...

I seem to remember that this was one of the caveats with regard to MSBlast and RPC/DCOM vulnerabilities last year.

In certain configurations, it was theoretically possible (I'd never personally seen any PoC code or worms that exploited it, though) that some RPC calls could be made via RPC over HTML. According to the security bulletin for MS03-026, the service that provides RPC over HTML is COM Internet Services (CIS). From what I recall, it was discussed at the time as a potential infection vector, though CIS is not installed by default on IIS installs. There were, at the time, very few sites that utilized it. Feel free to correct me if I'm wrong, though.

Please see the MS03-026 bulletin for some more points:


Go down to the "Frequently asked Questions" section, expand it, and look at the section that discusses CIS for more information. I'm sure that this will give you enough information to do some more searching for further information on current versions of CIS and determining whether they're installed.


Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]