see guy's i wasn't wrong! NA, NONE OF THEM ARE USING THE HACKED VERSION OF SHELL32.DLL ANYWAY!
i've tried it in fresh installed windows xp. well, as npguy says... the bug worked in his 128 ram PC! but surprisingly i have 256mb p3, and it worked there too... [ i can't still understand... what the heck causes this real problem ] -------------------------------------------- --- Joe <[EMAIL PROTECTED]> wrote: > Umm nope, not on my XP SP1 machine. I have about 15 > windows running and avg > 1% utilization. I do your little trick and there is > no change. > > Though maybe it is because my machine is one of > those really fast 900Mhz > PIII's. > > Maybe the problem is you are running a hacked > version of shell32.dll from > http://www.geocities.com/visitbipin/ and he screwed > it up. > > Thanks for playing. > > joe > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of bipin gautam > Sent: Friday, October 10, 2003 1:18 PM > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > > --- [Affected] --- > We have only tried it in windows Xp. > > --- [Bug Details] --- > http://www.geocities.com/visitbipin/win_dos.jpg > The image is self explanatory... > > --- [Description] --- > When you click to "any" close, maximize or minimize > button's in windows Xp, > [No matter whether it's IE or a WordPad] > surprisingly there is 100% CPU use > at the instant and it continues............ until > you release the button! > Moreover, we've noticed if you continuously click > the button for a long time > [... not release it and hold ON ] we've seen > gradual/slow rise in page-file > use too...!!! > > --- [Conclusion] --- > Hell... local DoS! That could be used by employees > working at different > terminal..... (O; > > --- [Background Information] --- > This bug was originally discovered by > hUNT3R,[myself] a member of 01 > Security Submission. The vendor was notified via > email. > http://www.ysgnet.com/hn > --- [I want a JOB/scholarship... anyone??? - hUNT3R] > --- > > __________________________________ > Do you Yahoo!? > The New Yahoo! Shopping - with improved product > search > http://shopping.yahoo.com > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: > http://lists.netsys.com/full-disclosure-charter.html > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html ------------------------------------------------------- --- npguy <[EMAIL PROTECTED]> wrote: > shamefully it happen with my xp running in 128 mb > ram pc whereas another > which has enough ram, has not shown this problem. > > On Sat, 11 Oct 2003 21:05:29 -0400, > <[EMAIL PROTECTED]> wrote: > > > On Sun, 12 Oct 2003 02:18:16 +0200, Richard Spiers > <[EMAIL PROTECTED]> > > said: > >> whoopee!. Bleh. Really a security issue? Same > thing happens if you have > >> show > >> windows content enabled and you drag around a > window, as long as your > >> dragging the window, the cpu will remain close to > 100 % usage. > >> Significant? > > > > Probably not directly, but possibly indirectly. > > > > The questions are, of course: > > > > 1) Is the 100% cycle sucking done as a > pre-emptible thing, or can you > > cpu-starve something else using it? > > > > 2) Is there some *other* security-related API that > botches incorrectly if > > it's > > cpu-starved? > > > >> No, unless its proof of some shoddy coding of > some-sort. > > > > A hammer is a useful tool for finding > non-impact-resistant screws...... > > > > > > -- > Using M2, Opera's revolutionary e-mail client: > http://www.opera.com/m2/ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html __________________________________ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
