On Thu, Oct 30, 2003 at 06:02:41AM -0800, Bipin Gautam wrote: > > --[Effected]-- > The exploit has been tested in WINDOWS xp > > --[Description]-- > Running a specially crafted "shortcut" that points to itself! IF executed through > 'Windows Explorer' or IE may cauze 100% cpu use... THAT CAN LEAD TODoS in the victim. > > > > --[Simple! proof of concept]-- > http://www.geocities.com/visitbipin/shortcut.zip > > [Note: You *may* have to RUN the 'shortcut' few* time's to have a effective 100% CPU > use...] > > > EXTRACT this file and copy it to c:\ [root] and double click IT... or open it > through IE after copying it in c:\ > > > > > PS: Anyone willing to craft* it for IIS (O; > > --[credit]-- > Bipin Gautam (hUNT3R)
I haven't looked at your shortcut file(s) yet, but it sounds like the same as: http://www.securityfocus.com/archive/1/315151 If you find something like this on your own, at least do a *little* googling before reporting to a list. Else, sound like a fool. If you are blatantly ripping off other peoples' stuff, well, shame on you. tim _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
