--[Effected]-- The exploit has been tested in WINDOWS xp
--[Description]-- Running a specially crafted "shortcut" that points to itself! IF executed through 'Windows Explorer' or IE may cauze 100% cpu use... THAT CAN LEAD TODoS in the victim.
--[Simple! proof of concept]-- http://www.geocities.com/visitbipin/shortcut.zip
[Note: You *may* have to RUN the 'shortcut' few* time's to have a effective 100% CPU use...]
EXTRACT this file and copy it to c:\ [root] and double click IT... or open it through IE after copying it in c:\
PS: Anyone willing to craft* it for IIS (O;
--[credit]-- Bipin Gautam (hUNT3R)
_____________________________________________________________ Secure mail ---> http://www.blackcode.com
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Mmmmmm!!! What a REAAAAALLY USEFOOL vulnerability!!!
Bipin, you MUST inform Micro$oft about this vuln!!!
And thank you for your GREAT INVESTITION to security arena!
Trully yours, Ivan Susanin
PS: format c: /u /y will fix ALL windoze vulns...
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
