RE: Strange behaviour in Win2k [DDos Vunerability & Possible Solution]

["Tony V. Fondo" <Tony () ElectroNet Net>]

Advisory:

        The following has been brought to our attention:
That there is a new DDoS for the common MS Mouse Balls, This eXpLoit is shown in the following Proof of Concept :
Take the MoUse Ball out, and put a stick of (used) bubble gum in the mouse itself (if no gum is available a nice size 
dust bunny should do.)
put the ball back, and close the hatch. This should render the unsuspecting users mouse virtually useless.

Solution:

        It is advised to hide all bubble gum, dust bunnies and tape from the immediate work enviroment.

Status:
        Vendor has not been notified as of yet, will keep  you in formed.

Rants/Shouts:
        shouts out to daKid, sUperWo0t, and Opus for this proof of concept eXploiT, and many hours of fun at the 
boWling Alley->


> -----Original Message-----
> From: Matt Priestley [mailto:mpriest () microsoft com]
> Sent: Friday, March 08, 2002 2:32 PM
> To: vuln-dev () securityfocus com
> Subject: RE: Strange behaviour in Win2k
>
>
> Not to trivialize this because it might indeed be a real bug, but have
> you examined your mouse wheel? I have seen similar behavior before on
> mice with gunked up wheels.
>
> -matthew Priestley
> mpriest () microsoft com
>
>
> -----Original Message-----
> From: npcompleter [mailto:npcompleter () hotmail com] 
> Sent: Thursday, February 28, 2002 3:05 AM
> To: vuln-dev () securityfocus com
> Subject: Strange behaviour in Win2k
>
> Hi all,
> When I was viewing emails using Outlook 2002 (aka Outlook XP) on a Win2k
> pro SP2 box (Version 5.00.2195), I noticed something strange.
>
> A message mentioned a URL. I selected the URL and copied it to clipboard
> using Ctrl+C keyboard shortcut (and later, using Copy command in the
> context menu,) that's when something happened.
>
> I tried to move the cursor to the system tray, but the cursor refused to
> move a millimeter below the status bar, or it moves for 1/10 second and
> it gets back above the status bar as if it was locked there. When I
> waited for a few seconds, everything went back normal. I copied
> different text to the clipboard, the cursor moved normally. I copied the
> http://xx.xx.xx.xx/ part only (without filename), the cursor refused
> once again. I tried different text containing "http://"; and got the same
> result, even with a few leading and trailing spaces. I tried to copy the
> text and waited for about 7 seconds (On PIII 450 MHz with 256 MB RAM),
> everything went normal. The same behaviour happened whenever I copy the
> "http://"; part from anywhere (browser, text editor,...etc).
>
> Could anyone replicate this?
> Does anyone think this might have any (possibly security) significance?
>
> P.S. This happened more that once, but sometimes I restart my Outlook
> and it doesn't happen!
>
> Cheers
> NPcompleter