[This is a MS win2k vulnerability but I am posting it here in hope that
sysadmins who administer win2k PCs may be forewarned]

Microsoft Windows PostThreadMessage() Arbitrary Process Killing
Vulnerability
--------------------------------------
A vulnerability has been discovered in the Microsoft Windows operating
system. The flaw lies in the way that processes handle messages sent
from another process via the PostThreadMessage() API call. Reports
indicate that, if a running process has a message queue and is sent one
of 3 different messages, the process may terminate. This termination
will occur despite any security level differences between processes, as
well as any safeguards to prevent this behaviour, such as requiring a
password before the process is killed.

This issue likely occurs due to a design error, specifically failing to
ensure that a process verifies the origin of messages received via the
PostThreadMessage() API call.

Exploit
-------
An exploit has been developed by Brett Moore and can be found below.
http://www.securityfocus.com/data/vulnerabilities/exploits/AppShutdown.c

-- 
   / \__
  (    @\___    Raj Shekhar      
  /         O   My home : http://geocities.com/lunatech3007/
 /   (_____/    My blog : http://lunatech.journalspace.com/
/_____/   U      



_______________________________________________
ilugd mailing list
[EMAIL PROTECTED]
http://frodo.hserus.net/mailman/listinfo/ilugd