proper 1337 :-) -- Ricky Blaikie - Server City Ltd http://www.servercity.co.uk - [EMAIL PROTECTED] T:0871-260100 F: 0871-2601001
----- Original Message ----- From: "Maxime Ducharme" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, October 30, 2003 3:43 PM Subject: Re: [Full-Disclosure] Shortcut...... may cause 100% cpu use!!! > From: "Bipin Gautam" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, October 30, 2003 9:02 AM > Subject: [Full-Disclosure] Shortcut...... may cause 100% cpu use!!! > > > > > > --[Effected]-- > > The exploit has been tested in WINDOWS xp > > > wow a new exploit ! > > > > > > --[Description]-- > > Running a specially crafted "shortcut" that points to itself! IF executed > through 'Windows Explorer' or IE may cauze 100% cpu use... THAT CAN LEAD > TODoS in the victim. > > > ohhh wait, this a DoS too ! > > > > > > > > > --[Simple! proof of concept]-- > > http://www.geocities.com/visitbipin/shortcut.zip > > > > [Note: You *may* have to RUN the 'shortcut' few* time's to have a > effective 100% CPU use...] > > > > > > EXTRACT this file and copy it to c:\ [root] and double click IT... or > open it through IE after copying it in c:\ > > > > > > > > > > PS: Anyone willing to craft* it for IIS (O; > > > I found how, send the file to the sysadmin and tell his this is a patch ! > > > > > > > --[credit]-- > > Bipin Gautam (hUNT3R) > > > congrats to our security specialist bipin > > > > > _____________________________________________________________ > > Secure mail ---> http://www.blackcode.com > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.netsys.com/full-disclosure-charter.html > > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
