RE: Strange behaviour in Win2k [DDos Vunerability & Possible Solution]

From: Tony V. Fondo (Tonyat_private)
Date: Mon Mar 11 2002 - 10:41:45 PST

Next message: Matthew S. Hallacy: "DOCSIS vulnerability"

Previous message: Mats Linander: "Re: compress(vul) + ftpd(?)"
In reply to: Matt Priestley: "RE: Strange behaviour in Win2k"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Advisory:

	The following has been brought to our attention:
That there is a new DDoS for the common MS Mouse Balls, This eXpLoit is shown in the following Proof of Concept :
Take the MoUse Ball out, and put a stick of (used) bubble gum in the mouse itself (if no gum is available a nice size dust bunny should do.)
put the ball back, and close the hatch. This should render the unsuspecting users mouse virtually useless.

Solution:

	It is advised to hide all bubble gum, dust bunnies and tape from the immediate work enviroment.

Status:
	Vendor has not been notified as of yet, will keep  you in formed.

Rants/Shouts:
	shouts out to daKid, sUperWo0t, and Opus for this proof of concept eXploiT, and many hours of fun at the boWling Alley->


>-----Original Message-----
>From: Matt Priestley [mailto:mpriestat_private]
>Sent: Friday, March 08, 2002 2:32 PM
>To: vuln-devat_private
>Subject: RE: Strange behaviour in Win2k
>
>
>Not to trivialize this because it might indeed be a real bug, but have
>you examined your mouse wheel? I have seen similar behavior before on
>mice with gunked up wheels.
>
>-matthew Priestley
>mpriestat_private
>
>
>-----Original Message-----
>From: npcompleter [mailto:npcompleterat_private] 
>Sent: Thursday, February 28, 2002 3:05 AM
>To: vuln-devat_private
>Subject: Strange behaviour in Win2k
>
>Hi all,
>When I was viewing emails using Outlook 2002 (aka Outlook XP) on a Win2k
>pro SP2 box (Version 5.00.2195), I noticed something strange.
>
>A message mentioned a URL. I selected the URL and copied it to clipboard
>using Ctrl+C keyboard shortcut (and later, using Copy command in the
>context menu,) that's when something happened.
>
>I tried to move the cursor to the system tray, but the cursor refused to
>move a millimeter below the status bar, or it moves for 1/10 second and
>it gets back above the status bar as if it was locked there. When I
>waited for a few seconds, everything went back normal. I copied
>different text to the clipboard, the cursor moved normally. I copied the
>http://xx.xx.xx.xx/ part only (without filename), the cursor refused
>once again. I tried different text containing "http://" and got the same
>result, even with a few leading and trailing spaces. I tried to copy the
>text and waited for about 7 seconds (On PIII 450 MHz with 256 MB RAM),
>everything went normal. The same behaviour happened whenever I copy the
>"http://" part from anywhere (browser, text editor,...etc).
>
>Could anyone replicate this?
>Does anyone think this might have any (possibly security) significance?
>
>P.S. This happened more that once, but sometimes I restart my Outlook
>and it doesn't happen!
>
>Cheers
>NPcompleter

Next message: Matthew S. Hallacy: "DOCSIS vulnerability"
Previous message: Mats Linander: "Re: compress(vul) + ftpd(?)"
In reply to: Matt Priestley: "RE: Strange behaviour in Win2k"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Mar 11 2002 - 15:36:43 PST