[fuzzing] Windows screensaver lock and lecturing
Gadi Evron
ge at linuxbox.org
Sat Sep 1 03:04:58 CDT 2007
On Fri, 31 Aug 2007, Thierry Zoller wrote:
> Dear Gadi,
> You should really reply to emails ;)
>
> This is a typical "Send F1 to all open Windows" attack, I use it to
> get System privs on broken drivers, F1 ist Help, if no HLP file is
> referenced it will pop up a File Open dialog (*.hlp), browse to cmd.exe and
> voila.
>
> Now I don't know why this happens while unlocking the screen.
Something unpatched according to a commend on my blog post on this...
Me? Not answering email??
>
> GE> I was giving a lecture at NPS yesterday, and while I was unlocking my laptop
> GE> (XP), suddently, before unlocked, a File Open window pops up. I could browse,
> GE> and more importantly, open files. The first choice of the system was .hlp.
>
> GE> Can someone say pwnage? Anyone up to doing some monkey fuzzing on that
> GE> interface?
>
> GE> Gadi.
> GE> _______________________________________________
> GE> fuzzing mailing list
> GE> fuzzing at whitestar.linuxbox.org
> GE> http://www.whitestar.linuxbox.org/mailman/listinfo/fuzzing
>
>
>
> --
> http://secdev.zoller.lu
> Thierry Zoller
> Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7
>
> _______________________________________________
> fuzzing mailing list
> fuzzing at whitestar.linuxbox.org
> http://www.whitestar.linuxbox.org/mailman/listinfo/fuzzing
>
More information about the fuzzing
mailing list