This has been confirmed, just in case anyone was still fuzzy on this. "039 has 1 DoS and 2 (new) BOs. All of the info in 039 is "new" and doesn't recycle 026 info. Though 039 also includes 026 fixes, of course.
Important point - the NEW (ms03-039) bulletin is all NEW info." Exibar ----- Original Message ----- From: "Exibar" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; "Mike Tancsa" <[EMAIL PROTECTED]> Sent: Wednesday, September 10, 2003 3:05 PM Subject: Re: [Full-Disclosure] MS03-039 has been released - critical > To add to my previous reply. The DoS is the only thing in MS03-039 that is > "old". The two buffer overflows are brand new and are not the same as > MS03-026. These are the real dangers here, not that the DoS isn't > dangerous, but the buffer overflows are the keys to the security alert. > > Does anyone know if there is a 'sploit for the buffer overflows in the > wild? > > Exibar > > > ----- Original Message ----- > From: "Mike Tancsa" <[EMAIL PROTECTED]> > To: "Exibar" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > Sent: Wednesday, September 10, 2003 2:54 PM > Subject: Re: [Full-Disclosure] MS03-039 has been released - critical > > > > > > http://xforce.iss.net/xforce/alerts/id/152 says, > > > > "The new DoS vulnerability was disclosed by a hacking group in China on > > July 25, 2003, and functional exploit code is already in use on the > > Internet. " > > > > ---Mike > > > > > > At 01:41 PM 10/09/2003, Exibar wrote: > > >anyone know of a 'sploit for this one yet? Or even proof of concept > code? > > > > > > > > >----- Original Message ----- > > >From: "Ryan, Pete" <[EMAIL PROTECTED]> > > >To: <[EMAIL PROTECTED]> > > >Sent: Wednesday, September 10, 2003 12:23 PM > > >Subject: [Full-Disclosure] MS03-039 has been released - critical > > > > > > > > > > > > > > > > > >http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security > / > > > > bulletin/MS03-039.asp > > > > > > > > -Pete > > > > > > > > _______________________________________________ > > > > Full-Disclosure - We believe in it. > > > > Charter: http://lists.netsys.com/full-disclosure-charter.html > > > > > >_______________________________________________ > > >Full-Disclosure - We believe in it. > > >Charter: http://lists.netsys.com/full-disclosure-charter.html > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
