Well, just a warning before running the proof of concept... Make sure to close and
save useful stuff. It indeed works on XP SP2 and it will reboot your machine.
I have to say, this would be tricky to exploit another program's messagebox, and
what joy could you possibly get out of restarting someone co
> Holy mackerel! Instances of this bug date back to 1999!
Different bug. That appears to be a trivial exhaustion of CSRSS worker threads
through indiscriminate calls to MessageBox+MB_SERVICE_NOTIFICATION, which
causes a DoS as no threads are available to serve kernel-mode requests from
win32k,
Holy mackerel! Instances of this bug date back to 1999!
http://groups.google.ca/group/microsoft.public.win32.programmer.kernel/browse_thread/thread/c5946bf40f227058/7bd7b5d66a4e5aff
--Pukhraj
On 12/21/06, Alexander Sotirov <[EMAIL PROTECTED]> wrote:
3APA3A wrote:
> Killer{R} assumes the problem is in strcpy(), because it should not be
> used for overlapping buffers, but at least the ANSI implementation of strcpy
> from Visual C should be safe in this very situation (copying to lower
> addresses). Maybe the code is different for Windows XP or vu
Dear lists,
in another Russian forum, Killer{R} made an analysis of this issue using the
Windows 2000 sources:
http://bugtraq.ru/cgi-bin/forum.mcgi?type=sb&b=21&m=140672
The problem is in win32k.sys' function GetHardErrorText, which tries to
prepare EXCEPTION data for the event log, and seems to b