Network Security: Detailed info on Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Vuln-Dev

[Top] [All Lists]

Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption

from [Michele Cicciotti] Network Security

[Permanent Link]

Subject:	Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day
Date:	Fri, 22 Dec 2006 01:58:19 +0100

Holy mackerel! Instances of this bug date back to 1999!


Different bug. That appears to be a trivial exhaustion of CSRSS worker threads 
through indiscriminate calls to MessageBox+MB_SERVICE_NOTIFICATION, which 
causes a DoS as no threads are available to serve kernel-mode requests from 
win32k, stalling GUI processes. I have done my fair share of CSRSS reversing in 
my better days, and I'm pretty sure that in Windows 2000 and later, a dedicated 
thread is used for such notifications, not just any thread, any time. Easily 
verifiable with local net sends and Spy++. It wasn't a "bug" either, more like 
a serious design flaw that ignored a very basic Win32 mantra ("don't do GUI in 
a worker thread") - not at all like this double-free


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day, 3APA3A Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day, 3APA3A Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day, Alexander Sotirov Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day, Pukhraj Singh Message not available Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day, Michele Cicciotti <=

Previous by Date:	Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip, Juha-Matti Laurio
Next by Date:	RE: Enforcing Java Security Manager in Restricted Windows Environments?, Jan P. Monsch
Previous by Thread:	Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day, Pukhraj Singh
Next by Thread:	[Full-disclosure] Fun with event logs (semi-offtopic), 3APA3A
Indexes:	[Date] [Thread] [Top] [All Lists]