[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20031011022310.19303.qmail@web20201.mail.yahoo.com>
Date: Fri, 10 Oct 2003 19:23:10 -0700 (PDT)
From: bipin gautam <visitbipin@...oo.com>
To: Steve Wray <steve.wray@...adise.net.nz>, Full-Disclosure@...ts.netsys.com
Cc: bugtraq@...urityfocus.com
Subject: RE: Local DoS in windows.
well... that works on mine! and the computer that i
have tested it on!
ARE YOU USING WINDOWS XP PRO???
well... in 2-3 sec and you contniously click the
button.... HELL IT WORK!
YOU AREN'T A MICROSOFT EMPLOYEE ... ARE YOU???
----------------------------------------------------
--- Steve Wray <steve.wray@...adise.net.nz> wrote:
> How long do you have to hold the mouse button down
> for?
> I see no effect after about 30 seconds then I got
> bored...
> Tried in outlook and wordpad. In fact the 'ambient'
> CPU useage
> actually appeared to flatten out.
>
> > -----Original Message-----
> > From: full-disclosure-admin@...ts.netsys.com
> > [mailto:full-disclosure-admin@...ts.netsys.com] On
> Behalf Of
> > bipin gautam
> > Sent: Saturday, 11 October 2003 6:18 a.m.
> > To: Full-Disclosure@...ts.netsys.com
> > Cc: bugtraq@...urityfocus.com
> > Subject: [Full-Disclosure] Local DoS in windows.
> >
> >
> > --- [Affected] ---
> > We have only tried it in windows Xp.
> >
> > --- [Bug Details] ---
> > http://www.geocities.com/visitbipin/win_dos.jpg
> > The image is self explanatory...
> >
> > --- [Description] ---
> > When you click to "any" close, maximize or
> minimize
> > button's in windows Xp, [No matter whether it's IE
> or
> > a WordPad] surprisingly there is 100% CPU use at
> the
> > instant and it continues............ until you
> release
> > the button! Moreover, we've noticed if you
> > continuously click the button for a long time [...
> not
> > release it and hold ON ] we've seen gradual/slow
> rise
> > in page-file use too...!!!
> >
> > --- [Conclusion] ---
> > Hell... local DoS! That could be used by employees
> > working at different terminal..... (O;
> >
> > --- [Background Information] ---
> > This bug was originally discovered by
> hUNT3R,[myself]
> > a member of 01 Security Submission. The vendor was
> > notified via email.
> > http://www.ysgnet.com/hn
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
http://lists.netsys.com/full-disclosure-charter.html
__________________________________
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists