
The Yin and the Yang: A Sordid Tale of Information Security, OR DCOM, Netcat, and a Live Response, OH MY!

The exploit that this paper covers has been in use for some time. It targets the buffer overrun vulnerability discovered in the RPC DCOM handling of the majority of Microsoft's operating systems. This vulnerability was found in July 2003 by a group known as LSD, or Last Stage of Delirium [1]. Microsoft released a Security Bulletin (MS03-026) that addressed it with a patch on July 16, 2003. The exploit code for this vulnerability that is employed in this paper is a Windows port of H.D. Moore's dcom.c code [2] called DcomExpl_UnixWin32.

1485 (PDF, 3.68MB)

15 Nov 2004
By Dave Shackleford
All papers are copyrighted

No re-posting of papers is permitted
