October 29th, 2006, 07:41 AM
MS 0Day shows up on milw0rm
A new MS exploit showed up on milw0rm yesterday — http://www.milw0rm.com/exploits/2672 (Code is written in Python and quite easy to follow)…
Microsoft Windows NAT Helper Components (ipnathlp.dll) 0day Remote DoS Exploit
The exploit requires Internet Connection Sharing to be enabled and requires that the attacker be on the shared interface (from what I’ve seen in my playing thus far).
Malicious Person — Computer with ICS — Internet
I ran Windows Updates on an XP SP2 machine immediately prior to testing this… so it *SHOULD* have been fully up-to-date
I've got additional details (and will be adding more in the morning when I've had a chance to do some more serious debugging) available at http://www.computerdefense.org/?p=149
I've also submitted this to both SANS ISC and MSRC to ensure they're aware of it
IT Blog: .:Computer Defense:.
(Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".