VX Heaven

Library Collection Sources Engines Constructors Simulators Utilities Links Forum

Mostly harmless

Peter Ferrie, Frédéric Perriot
Virus Bulletin, Aug 2004, pp. 5-8
ISSN 0956-9979
August 2004

PDFDownload PDF (45.6Kb) (You need to be registered on forum)
[Back to index] [Comments]


The LSASS vulnerability of Microsoft security bulletin MS04-011 affects Windows 2000 and XP, the two most widespread Microsoft operating systems today. It is a stack overflow, hence easily and reliably exploitable - and eEye was kind enough to provide the world with thorough documentation of the possible exploitation vectors.

Following in the path of previous high-profile vulnerabilities, the LSASS bug was quickly targeted by proof-of-concept exploits, themselves reused in worms including W32/Sasser.A. Despite the publicity that surrounded Sasser due to its immediate success following its appearance (30 April 2004), this was not the first worm to make use of the vulnerability: some LSASS-exploiting Gaobot variants had surfaced about a week earlier. However, it was the automated infection of new systems that was the decisive factor in making Sasser more widespread.

[Read the article]

By accessing, viewing, downloading or otherwise using this content you agree to be bound by the Terms of Use! aka