Examining the RPC DCOM Vulnerability: Developing a Vulnerability-Exploit Cycle

by Kevin OShea
Sept. 1, 2017 SANS Institute Pen Testing & Audits threats/vulnerabilities

This paper proposes to build on the vulnerability life-cycle work first proposed by Arbaugh, Fithen and McHugh to establish a detailed framework for vulnerability analysis. These extensions to the life-cycle, now proposed as the vulnerability-exploit cycle, contain additional developmental stages intended to reflect recent experiences when analyzing critical events. In particular, the Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) buffer overrun vulnerability found in a multitude of Windows operating systems and Cisco devices / control programs is then deconstructed and charted against this revised vulnerability-exploit cycle. Further, the use of human intelligence, gathered through numerous security, hacker and cracker related websites, weblogs, user-groups, and discussion boards, will be shown to be a useful tool in capturing and documenting the evolution of the vulnerability. By developing a detailed framework in which to analyze events and mil...

https://www.sans.org/reading-room/whitepapers/threats/examining-rpc-dcom-vulnerability-developing...