Strange servicepack.exe file (not service.exe) found.

• Previous message: Lachniet, Mark: "RE: DS trojan opens ports fport does not detect?"
• Next in thread: Bojan Zdrnja: "RE: Strange servicepack.exe file (not service.exe) found."
• Reply: Bojan Zdrnja: "RE: Strange servicepack.exe file (not service.exe) found."
• Reply: Peter Kruse: "SV: Strange servicepack.exe file (not service.exe) found."
• Reply: Eric Chien: "Re: Strange servicepack.exe file (not service.exe) found."
• Maybe reply: James C Slora Jr: "RE: Strange servicepack.exe file (not service.exe) found."
• Maybe reply: Kolde, Jennifer E.: "RE: Strange servicepack.exe file (not service.exe) found."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 16 Dec 2003 13:29:09 -0500
To: incidents@securityfocus.com

Running in the task manager on a windows 98 box on
our lan. The machine was misbehaving badly yesterday
morning. IE 5.5 was broken, will not browse anything,
even a local file. Mozilla 1.5 works fine. The machine
has been flattened and is being reloaded with Win2K.

This machine was screwed down as tight as we could make
it and still have it be useful. It was used by staff
that had no dedicated workstations to access our webmail
and such things.

I know nothing about reverse engineering binary executables.
Strings output showed some concerning lines.

I've posted the file "servicepack.exe" in zipped and
tarred formats both at this url.

http://www.eruditium.org/cmefford/securityfocus/

---------------------------------------------------------------------------
----------------------------------------------------------------------------

• Previous message: Lachniet, Mark: "RE: DS trojan opens ports fport does not detect?"
• Next in thread: Bojan Zdrnja: "RE: Strange servicepack.exe file (not service.exe) found."
• Reply: Bojan Zdrnja: "RE: Strange servicepack.exe file (not service.exe) found."
• Reply: Peter Kruse: "SV: Strange servicepack.exe file (not service.exe) found."
• Reply: Eric Chien: "Re: Strange servicepack.exe file (not service.exe) found."
• Maybe reply: James C Slora Jr: "RE: Strange servicepack.exe file (not service.exe) found."
• Maybe reply: Kolde, Jennifer E.: "RE: Strange servicepack.exe file (not service.exe) found."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Strange servicepack.exe file (not service.exe) found. ... > Running in the task manager on a windows 98 box on ... > our lan. ... The machine was misbehaving badly yesterday ... > tarred formats both at this url. ... (Incidents) Re: ... a network share, the networking is handled by Windows; ... it's treated the same as a local file. ... That should authenticate and de-authenticate you properly, ... There may be a better way of doing this using the Windows ... (comp.lang.python) [NT] More Reading of Local Files Vulnerabilities in MSIE ... this vulnerability is similar in concept to: ... Explorer 6 Allows Local File Reading ) ... Internet Explorer version 5.5 (Windows ME) ... (Securiteam) Admin PAK for Win2003 Server on XP Systems ... successful install) the AdminPak for Windows 2003 Server, ... Similarly when I try to set Local File ... (microsoft.public.windowsxp.security_admin) Re: Good news for SPARC ... >> TLE to determine what to do with a file even if the TLE is ... >> unknown foreign content direct access to the local file ... >into your system as a regular user and only su to root/admin when you ... Actually windows have such a feature.. ... (comp.unix.solaris)