Markus,
>
> Can someone please investigate this? I think it's more important, than the
> M$ guys think (I'd like to try this on terminal server).
I am unable to reproduce the problem on a Win2k, 5.00.2195 system
in our quality assurance lab. This is almost certainly a bug in
your device driver, which vncviewer.exe is exposing when scaling
is enabled. Try installing the latest stable device driver from
the video card manufacturer.
Brian
>
> --
> _____________________________ /"\
> Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign
> [EMAIL PROTECTED] X Against HTML Mail
> / \
> ---------- Forwarded message ----------
> Date: Wed, 7 Mar 2001 08:34:59 -0800
> From: Microsoft Security Response Center <[EMAIL PROTECTED]>
> To: Markus Gaugusch <[EMAIL PROTECTED]>
> Cc: Microsoft Security Response Center <[EMAIL PROTECTED]>
> Subject: RE: [au] complete crash of windows 2000 using vncviewer
> Hello Markus,
> We are not familiar with the product, but have you tried to contact them
> also to see if they can reproduce?
> Based on our vulnerability definition I doubt this is a security
> vulnerability in our product, but will verify if there is a code quality
> bug we need to investigate. In the meantime please contact ATT.
> http://www.microsoft.com/technet/security/vulnrbl.asp
> Regards,
> Alex
> -----Original Message-----
> From: Markus Gaugusch [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, March 07, 2001 1:15 AM
> To: Microsoft Security Response Center
> Subject: complete crash of windows 2000 using vncviewer
> Hello security Team!
> The program vncviewer ( http://www.uk.research.att.com/vnc/ ) can crash
> a
> windows 2000 machine completely (reboot with _very_ short bluescreen),
> with normal privileges (group "users")
> You need to run vncviewer.exe (vnc doesn't need to be installed),
> connect
> to a vnc server, right click title bar -> connection options ->
> scaling [X] -> 4/5 -> OK
> Then the machine reboots.
> I've tested on two Win2k Professional SP1 machines (english).
> Windows NT 4.0 is NOT vulnerable.
> This information has not been released by me to any security mailing
> lists, but will be released in two weeks (Mar 21, 2001) if I won't get a
> response.
> with regards
> Markus Gaugusch
> --
> _____________________________ /"\
> Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign
> [EMAIL PROTECTED] X Against HTML Mail
> / \
--
Brian
----------------------------------------------------------------------------
TridiaVNC, the cross-platform, open source, remote control solution.
http://www.TridiaVNC.com/ and http://www.developVNC.org/
Java VNC Server Demo:
http://www.developVNC.org/logged-in/jVNC-info.html
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to [EMAIL PROTECTED]
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
