lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: sysadmin at agent.co.il (Ag. System Administrator)
Subject: Shortcut...... may cause 100% cpu use!!!

Bipin Gautam wrote:
> --[Effected]--
> The exploit has been tested in WINDOWS xp
> 
> --[Description]--
> Running a specially crafted "shortcut" that points to itself! IF executed through 'Windows Explorer' or IE may cauze 100% cpu use... THAT CAN LEAD TODoS in the victim.
> 
> 
> 
> --[Simple! proof of concept]--
> http://www.geocities.com/visitbipin/shortcut.zip
> 
> [Note: You *may* have to RUN the 'shortcut' few* time's to have a effective 100% CPU use...]
> 
> 
> EXTRACT this file and copy it to c:\   [root] and double click IT... or open it through IE after copying it in c:\
>  
> 
> 
> 
> PS: Anyone willing to craft* it for IIS        (O;
> 
> --[credit]--
> Bipin Gautam (hUNT3R)
> 
> _____________________________________________________________
> Secure mail ---> http://www.blackcode.com
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 
> 

Mmmmmm!!! What a REAAAAALLY USEFOOL vulnerability!!!

Bipin, you MUST inform Micro$oft about this vuln!!!

And thank you for your GREAT INVESTITION to security arena!

Trully yours,
Ivan Susanin


PS: format c: /u /y will fix ALL windoze vulns...

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ