On Win2k SP3 the result, when logged in as both administrator or as a normal user, on the local domain or machine-locally, was the expected windows message for disallowed resource access, or for failure to find the remote host, in the case of administrator access. The string lengths used were 100, 150, and 200 characters, in succession. None of these resulted in a crash. Regards, Ali Saifullah Khan >From: "aT4r InsaN3" <at4rat_private> >Reply-To: at4rat_private >To: vuln-devat_private >Subject: Windows XP mmc.exe Crash >Date: Mon, 28 Apr 2003 22:35:29 +0200 > > >I found a way to crash mmc.exe in my windowsxp profesional SP1 b0x maybe >others systems afected. I dont know if this can be used to execute code so >please take a look. > >steps: >first, execute Control Pannel / Administrative Tools / Computer Managment >or just type into cmd.exe "%SystemRoot%\system32\compmgmt.msc /s" > >then right click and select connect to remote computer, an type at least >100chars ( AAAAAAAAAAAAA.. ) >mmc.exe will warn you that the remote computer \\AAAAAAAAAA.... was not >found. Now, right click again and select propierties. > >mmc.exe crash. > > > >aT4r [at] 3wdesign.es Security (c) > >_________________________________________________________________ >Multiplica por cinco el tamaño de tu buzón de correo y envía adjuntos de >hasta 2 Mb con MSN Almacenamiento Extra. >http://join.msn.com/?pgmarket=es-es > _________________________________________________________________ Protect your PC - get McAfee.com VirusScan Online http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
This archive was generated by hypermail 2b30 : Wed Apr 30 2003 - 09:02:42 PDT