Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.


Pink Floyd Worm/Virus and MS03-039

Rumors have been circulated about a worm/virus named Pink Floyd that reportly exploits an additional vulnerability related to the Microsoft Advisory MS03-039 concerning the MS RPC service. It is further reported that even patched systems are vulnerable. Exploits have been released to the Internet which allegedly use this weakness. Cisco has tested these exploits and found that signature 3330 (Windows RPCSS Overflow II) detects their precense. Microsoft is expected to comment on these rumors. Due to the uncertain nature of these facts, it is recommended that special scrutiny be given to any 3330 alarms occuring in your network for the near future.

New Member

Re: Pink Floyd Worm/Virus and MS03-039

This worm claims to only DOS the target box. I have yet to see a reply to my post on Bugtraq, but if the worm exploits MS03-039, and only DOSs the target, what then is the propagation mechanism of this supposed worm?

Cisco Employee

Re: Pink Floyd Worm/Virus and MS03-039

lifted from a Microsoft bulletin:

"...Exploit code currently available will provide a remote shell to an unpatched system. If the system has been patched with Microsoft Security Bulletin MS03-039, the system will not be compromised but may experience a Denial of Service. The Microsoft Security Response Center is actively investigating the issue of the Denial of Service."


New Member

Re: Pink Floyd Worm/Virus and MS03-039

Which bulletin is that?

Cisco Employee

Re: Pink Floyd Worm/Virus and MS03-039

Its from one of their Premium Support Service updates...not a security bulletin per se.

CreatePlease login to create content