[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] Remotely Exploitable DoS Flaw in XP and 2003
- To: <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: [Full-Disclosure] Remotely Exploitable DoS Flaw in XP and 2003
- From: "Nick Lowe" <15320@xxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 2 Aug 2004 01:35:20 +0100
From anywhere with in either Windows XP and Windows 2003 - at the logon screen
if you want - holding down WinKey + U will, with time, slow the machine down to
a craw eventually causing the machine to lock.
If remote desktop is enabled - at the login screen, the aforementioned key
sequence can be held down, locking a machine remotely.
Mitigating Factors:
Windows XP SP2 does not seem to be vulnerable to this flaw.
The DoS flaw affects slower machines and those with less ram quicker than
higher specification machines. On very hi-spec machines, the flaw does not seem
to be exploitable.
Cause:
The key sequence causes the Windows utility manager to be continuously be
loaded and executed. Even though the program terminates if another instance is
detected, copies can be loaded quicker than the close - eating all memory on
the machine - eventually causing it to not respond to user input.
This E-Mail and any files transmitted with it are confidential, may be legally
privileged and are intended solely for the use of the addressee. If you have
received this E-Mail in error you are requested to contact the sender
immediately, and not disclose or make use of this information. Although Oakham
School operates an active anti virus policy, the organisation accepts no
liability for any damage caused by any virus transmitted by this E-Mail,
including any attachments. The views contained in this E-Mail are those of the
author and not necessarily those of Oakham School.