Handler on Duty: Didier Stevens
Threat Level: green
Loading...
|
|
||||||||||||||||||||||||||||
| Submitted By | Date |
|---|---|
| Comment | |
| Nick FitzGerald | 2005-09-13 02:06:58 |
| Spike 31 Aug thru early September 2005 probably due to remotely exploitable login username buffer overflow in DameWare Mini Remote Control Client Agent Service (dwrcs.exe): http://www.frsirt.com/english/advisories/2005/1596 Reported to affect 4.0 thru, but not including, 4.9.0. Various versions of this agent are often surreptitiously installed by malware as a backdoor, so random scanning may turn up more installations than might otherwise be expected. | |
| ChrisA | 2004-04-28 00:21:35 |
| There is at least one known buffer overflow vulnerablity in versions prior to 3.73. This vulnerablity may permit an unauthenticated attacker from executing code on your system. | |
| Jerry Davis | 2004-01-03 07:35:13 |
| I have also seen quite a few successful entries via this port from dameware mini r/c. It also seems to be connected to slim FTP that shows up at the same time of infection. | |
| Andreas | 2003-12-22 23:18:25 |
| Probably related to http://www.securiteam.com/windowsntfocus/6N00B1P95I.html and/or http://www.k-otik.com/exploits/08.13.nfm-shatterdame.c.php. I've seen multiple successful intrusions via this service today. | |
| Davis Ray Sickmon, Jr | 2003-12-22 07:41:30 |
| Normally associated with DameWare and DameWare mini-RC, a remote control agent. | |
| CVE # | Description |
|---|
© 2024 SANS™ Internet Storm Center
Developers: We have an API for you! 