Full Disclosure mailing list archives

RE: Local DoS in windows.

From: bipin gautam <visitbipin () yahoo com>
Date: Fri, 10 Oct 2003 19:23:19 -0700 (PDT)

well... that works on mine! and the computer that i
have tested it on!
ARE YOU USING WINDOWS XP PRO???
well... in 2-3 sec and you contniously click the
button.... HELL IT  WORK!

YOU AREN'T A MICROSOFT EMPLOYEE ... ARE YOU???


----------------------------------------------------
--- Steve Wray <steve.wray () paradise net nz> wrote:

How long do you have to hold the mouse button down
for?
I see no effect after about 30 seconds then I got
bored...
Tried in outlook and wordpad. In fact the 'ambient'
CPU useage
actually appeared to flatten out.

-----Original Message-----
From: full-disclosure-admin () lists netsys com 
[mailto:full-disclosure-admin () lists netsys com] On

Behalf Of

bipin gautam
Sent: Saturday, 11 October 2003 6:18 a.m.
To: Full-Disclosure () lists netsys com
Cc: bugtraq () securityfocus com
Subject: [Full-disclosure] Local DoS in windows.

--- [Affected] ---
We have only tried it in windows Xp.

--- [Bug Details] ---
http://www.geocities.com/visitbipin/win_dos.jpg 
The image is self explanatory...

--- [Description] ---
When you click to "any" close, maximize or

minimize

button's in windows Xp, [No matter whether it's IE

or

a WordPad] surprisingly there is 100% CPU use at

the

instant and it continues............ until you

release

the button! Moreover, we've noticed if you
continuously click the button for a long time [...

not

release it and hold ON ] we've seen gradual/slow

rise

in page-file use too...!!!

--- [Conclusion] ---
Hell... local DoS! That could be used by employees
working at different terminal..... (O;

--- [Background Information] ---
This bug was originally discovered by

hUNT3R,[myself]

a member of 01 Security Submission. The vendor was
notified via email.
http://www.ysgnet.com/hn


_______________________________________________
Full-Disclosure - We believe in it.
Charter:

http://lists.netsys.com/full-disclosure-charter.html


__________________________________
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Local DoS in windows. bipin gautam (Oct 10)
- <Possible follow-ups>
- Local DoS in windows. bipin gautam (Oct 10)
  - RE: Local DoS in windows. Steve Wray (Oct 10)
    - Re: Local DoS in windows. Cael Abal (Oct 10)
    - Re: Local DoS in windows. [finally...] bipin gautam (Oct 10)
    - RE: Local DoS in windows. bipin gautam (Oct 10)
    - RE: Local DoS in windows. bipin gautam (Oct 10)
    - Re: Local DoS in windows. Richard Spiers (Oct 11)
    - Re: Local DoS in windows. Valdis . Kletnieks (Oct 11)
    - Re: Local DoS in windows. npguy (Oct 11)
    - Re: Local DoS in windows. bipin gautam (Oct 12)
    - Re: Local DoS in windows. [indeed it works... PROOF?] bipin gautam (Oct 12)
  - RE: Local DoS in windows. Joe (Oct 11)
    - Who Cried Wolf???!? (or, Who's Shell32.exe?) [was: Local DoS in windows] Arcturus (Oct 12)