lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 11 Oct 2003 21:32:29 -0400
From: "Joe" <mvp@...ware.net>
To: <Full-Disclosure@...ts.netsys.com>
Cc: <bugtraq@...urityfocus.com>
Subject: RE: Local DoS in windows.


Umm nope, not on my XP SP1 machine. I have about 15 windows running and avg
1% utilization. I do your little trick and there is no change. 

Though maybe it is because my machine is one of those really fast 900Mhz
PIII's. 

Maybe the problem is you are running a hacked version of shell32.dll from
http://www.geocities.com/visitbipin/ and he screwed it up. 

Thanks for playing.

   joe


-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of bipin gautam
Sent: Friday, October 10, 2003 1:18 PM
To: Full-Disclosure@...ts.netsys.com
Cc: bugtraq@...urityfocus.com

--- [Affected] ---
We have only tried it in windows Xp.

--- [Bug Details] ---
http://www.geocities.com/visitbipin/win_dos.jpg
The image is self explanatory...

--- [Description] ---
When you click to "any" close, maximize or minimize button's in windows Xp,
[No matter whether it's IE or a WordPad] surprisingly there is 100% CPU use
at the instant and it continues............ until you release the button!
Moreover, we've noticed if you continuously click the button for a long time
[... not release it and hold ON ] we've seen gradual/slow rise in page-file
use too...!!!

--- [Conclusion] ---
Hell... local DoS! That could be used by employees working at different
terminal..... (O;

--- [Background Information] ---
This bug was originally discovered by hUNT3R,[myself] a member of 01
Security Submission. The vendor was notified via email.
http://www.ysgnet.com/hn
--- [I want a JOB/scholarship... anyone??? - hUNT3R] ---

__________________________________
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists