Submitted By |
Date |
Comment |
Nick FitzGerald |
2005-09-13 02:06:58 |
Spike 31 Aug thru early September 2005 probably due to remotely
exploitable login username buffer overflow in DameWare Mini
Remote Control Client Agent Service (dwrcs.exe):
http://www.frsirt.com/english/advisories/2005/1596
Reported to affect 4.0 thru, but not including, 4.9.0.
Various versions of this agent are often surreptitiously
installed by malware as a backdoor, so random scanning may
turn up more installations than might otherwise be expected.
|
ChrisA |
2004-04-28 00:21:35 |
There is at least one known buffer overflow vulnerablity in versions prior to 3.73. This vulnerablity may permit an unauthenticated attacker from executing code on your system. |
Jerry Davis |
2004-01-03 07:35:13 |
I have also seen quite a few successful entries via this port from dameware mini r/c. It also seems to be connected to slim FTP that shows up at the same time of infection. |
Andreas |
2003-12-22 23:18:25 |
Probably related to http://www.securiteam.com/windowsntfocus/6N00B1P95I.html
and/or http://www.k-otik.com/exploits/08.13.nfm-shatterdame.c.php.
I've seen multiple successful intrusions via this service today. |
Davis Ray Sickmon, Jr |
2003-12-22 07:41:30 |
Normally associated with DameWare and DameWare mini-RC, a remote control agent. |