complete crash of windows 2000 using vncviewer (fwd)

Thu, 08 Mar 2001 01:58:38 -0800 

 ******************************************************************
<<<<<<<<<<<< PLEASE GIVE ME A CC, I'M NOT ON THE LIST  >>>>>>>>>>>>>
 ******************************************************************

Can someone please investigate this? I think it's more important, than the
M$ guys think (I'd like to try this on terminal server).


-- 
_____________________________     /"\
Markus Gaugusch  ICQ 11374583     \ /    ASCII Ribbon Campaign
[EMAIL PROTECTED]            X     Against HTML Mail
                                  / \

---------- Forwarded message ----------
Date: Wed, 7 Mar 2001 08:34:59 -0800
From: Microsoft Security Response Center <[EMAIL PROTECTED]>
To: Markus Gaugusch <[EMAIL PROTECTED]>
Cc: Microsoft Security Response Center <[EMAIL PROTECTED]>
Subject: RE: [au] complete crash of windows 2000 using vncviewer

Hello Markus,

We are not familiar with the product, but have you tried to contact them
also to see if they can reproduce?

Based on our vulnerability definition I doubt this is a security
vulnerability in our product, but will verify if there is a code quality
bug we need to investigate. In the meantime please contact ATT.

http://www.microsoft.com/technet/security/vulnrbl.asp

Regards,
Alex

-----Original Message-----
From: Markus Gaugusch [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 07, 2001 1:15 AM
To: Microsoft Security Response Center
Subject: complete crash of windows 2000 using vncviewer


Hello security Team!
The program vncviewer ( http://www.uk.research.att.com/vnc/ ) can crash
a
windows 2000 machine completely (reboot with _very_ short bluescreen),
with normal privileges (group "users")
You need to run vncviewer.exe (vnc doesn't need to be installed),
connect
to a vnc server, right click title bar -> connection options ->
scaling [X] -> 4/5 -> OK
Then the machine reboots.
I've tested on two Win2k Professional SP1 machines (english).
Windows NT 4.0 is NOT vulnerable.

This information has not been released by me to any security mailing
lists, but will be released in two weeks (Mar 21, 2001) if I won't get a
response.

with regards
Markus Gaugusch

-- 
_____________________________     /"\
Markus Gaugusch  ICQ 11374583     \ /    ASCII Ribbon Campaign
[EMAIL PROTECTED]            X     Against HTML Mail
                                  / \
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to [EMAIL PROTECTED]
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------

Reply via email to