Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Shortcut...... may cause 100% cpu use!!!

From: Tim <tim-security () sentinelchicken org>
Date: Thu, 30 Oct 2003 07:14:14 -0800

On Thu, Oct 30, 2003 at 06:02:41AM -0800, Bipin Gautam wrote:


--[Effected]--
The exploit has been tested in WINDOWS xp

--[Description]--
Running a specially crafted "shortcut" that points to itself! IF executed through 'Windows Explorer' or IE may cauze 
100% cpu use... THAT CAN LEAD TODoS in the victim.



--[Simple! proof of concept]--
http://www.geocities.com/visitbipin/shortcut.zip

[Note: You *may* have to RUN the 'shortcut' few* time's to have a effective 100% CPU use...]


EXTRACT this file and copy it to c:\   [root] and double click IT... or open it through IE after copying it in c:\
 



PS: Anyone willing to craft* it for IIS        (O;

--[credit]--
Bipin Gautam (hUNT3R)



I haven't looked at your shortcut file(s) yet, but it sounds like the
same as: 
  http://www.securityfocus.com/archive/1/315151

If you find something like this on your own, at least do a *little*
googling before reporting to a list.  Else, sound like a fool.  If you
are blatantly ripping off other peoples' stuff, well, shame on you.

tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: