Examining the RPC DCOM Vulnerability: Developing a Vulnerability-Exploit Cycle

(PDF, 1.84MB) Published: 06 Oct, 2003
Created by Kevin OShea

This paper proposes to build on the vulnerability life-cycle work first proposed by Arbaugh, Fithen and McHugh to establish a detailed framework for vulnerability analysis. These extensions to the life-cycle, now proposed as the vulnerability-exploit cycle, contain additional developmental stages intended to reflect recent experiences when analyzing critical events. In particular, the Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) buffer overrun vulnerability found in a multitude of Windows operating systems and Cisco devices / control programs is deconstructed and charted against this revised vulnerability-exploit cycle. Further, the use of human intelligence, gathered through numerous security, hacker and cracker related websites, weblogs, user-groups, and discussion boards, will be shown to be a useful tool in capturing and documenting the evolution of the vulnerability. By developing a detailed framework in which to analyze events and milestones within the vulnerability-exploit cycle, critical events and time correlations can be recognized. This will lead to the ability to predict vulnerability and exploit behavior more effectively.