Do not intend to found a very serious vulnerability, and the year 3389 input loophole similar.However, no system was not being loaded does not affect input method (logged in system).
If the remote server installed , sign-on system is loaded after the search dogs, but not timely write-off or kill off Sogou input method directly to shut down the remote connection,
then the server is very dangerous strategy.
Test environment:
OS: windows 7 ultimate
Sogou input method official version 4.3
Vulnerability Process Description:
When windows is loaded Sogou input method later (after sign-on system),
lock the computer (cltr+alt+del) Switch to Sogou input method, enter the letters appear Sogou Pinyin input method tool bar, click search, will be called iexplorer.exe
I worked further with Microsoft and we disovered the fault was caused
by the CheckPoint Full Disk Encryption Driver in particular versions
of Windows and is not a defect in the OS.
On 9/9/09, Elvedin Trnjanin <trnja001@umn.edu> wrote:
> I could not reproduce this on Vista Home Premium or Windows 7 Ultimate
> (different computers, both 64-bit) even with creating 200 connections.
> Could you provide more information on your setup?
>
> Tim Medin wrote:
>> Creating multiple RDP connection at the same time causes Windows to
Affected Systems
-----------------------------
Using the sample DHCPv6 it was possible to verify this issue on following operating systems and configurations:
* Microsoft Windows 7 Ultimate SP1 32 bit & 64 bit
It is very likely that other versions of Windows 7 (and maybe earlier) are affected by this issue.
Impact
Win XP sp3:
K-meleon 1.5.3 & 1.5.4 Vulnerables.(crashes )
K-Meleon 1.6.0a4 Vulnerables.(crashes)
windows 7 Ultimate:
K-meleon 1.5.3 & 1.5.4 Vulnerables.(crashes)
K-Meleon 1.6.0a4 Vulnerables.(crashes)
############
References
I could not reproduce this on Vista Home Premium or Windows 7 Ultimate
(different computers, both 64-bit) even with creating 200 connections.
Could you provide more information on your setup?
Tim Medin wrote:
> Creating multiple RDP connection at the same time causes Windows to
> Blue Screen. Here is the Proof of Concept code.
>
> for /L %i in (1,1,20) do mstsc /v:127.0.0.%i
>
############
versions
############
Safari for windows 5.0.1 (7533.17.8)
on windows 7 ultimate fully patched.
Safari for windows windows 5.0.1 (7533.17.8)
on windows xp home sp3 fully patched
Win XP sp3:
Safari 5.0.X vulnerable
Safari 4.xx vulnerable
windows 7 Ultimate:
Safari 5.0.X vulnerable
Safari 4.xx vulnerable
############
> Exploit: Windows Vista/7 lpksetup.exe (oci.dll) DLL
> Hijacking Vulnerability
> Extension: .mlc
> Author: Tyler Borland (tborland1@gmail.com)
> Date: 10/20/2010
> Tested on: Windows 7 Ultimate (Windows Vista
> Ultimate/Enterpries and Windows 7 Enterprise should be
> vulnerable as well)
> Effect: Remote Code Execution
>
> lpksetup is the language pack installer that is included by
======
It is not really clear, if this is only juniper issue.
After third click, ale spawned screens are legitimate windows menu.
According to some guides it should be possible to create
"network logon" icon just by setting Windows. However,
I was not able to do so, at least not in Windows 7 ultimate.
Thanks to #brmlab, biiter
