Eleytt=20Research=20 www.eleytt.com Overview/Credit:=20 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Michal=20Bucko www.eleytt.com/michal.bucko sapheal.hack.pl Vulnerability=20Table =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D 1.=20Microsoft=20Vista=20(Build=206000)=20Local=20Denial=20of=20Service=20= Vulnerability Vulnerability=20Details =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= 1.=20Microsoft=20Vista=20(Build=206000)=20Remote=20Denial=20of=20Service=20= Vulnerability=20 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D Microsoft=20Vista=20(Build=206000)=20is=20prone=20to=20local=20denial=20o= f=20service=20vulnerability.=20 PoC=20Code: USER32.DLL=20->=20MessageBoxA=20(=20NULL,=20NULL,=20NULL,=200=20)=20; USER32.DLL=20->=20MessageBoxW=20(=20NULL,=20NULL,=20NULL,=200=20)=20; Denial=20of=20service=20conditions=20due=20to=20null=20pointers,=20code=20= execution=20is not=20possible.=20This=20probably=20should=20be=20definietely=20called=20= a=20vulnerability as=20this=20issue=20has=20serious=20impact=20on=20every=20Windows=20Vista= =20user. For=20more=20information,=20please=20use: www.eleytt.com Eleytt=20-=20Company=20Information =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D Eleytt=20Corporation=20is=20specialized=20in=20penetration=20testing,=20v= ulnerability development,=20advanced=20reverse=20engineering=20and=20exploitation=20te= chniques.=20 Eleytt=20provides=20various=20security-related=20services:=20risk=20asses= sment,=20 security=20policy,=20security=20assurance,=20incident=20management,=20web= =20 application=20security=20testing,=20continuous=20security=20assurance=20p= rograms.=20 Eleytt=20provides=20security=20audits=20for=20financial=20institutions=20= and=20e-commerce. Eleytt=20provides=20an=20in-depth=20security=20analysis=20-=20experienced= =20security experts=20analyze=20your=20source=20code,=20analyze=20your=20application,= =20analyze=20your web=20application.=20Eleytt=20runs=20security=20programs=20for=20financia= l=20institutons and=20e-commerce. We=20have=20the=20mission=20to=20improve=20the=20security=20level=20of=20= software=20and=20web applications.=20It=20is=20us=20who=20help=20you=20implement=20more=20secu= re=20applications. We=20help=20you=20understand=20the=20risk=20and=20deploy=20security=20sol= utions.=20We=20help you=20avoid=20costly=20business=20disruptions. These=20are=20the=20questions,=20which=20might=20help=20you=20understand=20= how=20we=20work: =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Want=20to=20get=20your=20web=20site=20checked=20for=20security=20vulnerab= ilities? Your=20server=20requires=20real=20penetration=20testing? Interested=20in=20Eleytt=20Business=20Continuity=20Program? Interested=20in=20Eleytt=20Application=20Security=20Program? For=20more=20information,=20please=20use: www.eleytt.com DISCLAIMER =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D This=20document=20and=20all=20the=20information=20it=20contains=20are=20p= rovided=20"as=20is", for=20educational=20purposes=20only,=20without=20warranty=20of=20any=20ki= nd,=20whether express=20or=20implied. The=20authors=20reserve=20the=20right=20not=20to=20be=20responsible=20for= =20the=20topicality, correctness,=20completeness=20or=20quality=20of=20the=20information=20pro= vided=20in this=20document.=20Liability=20claims=20regarding=20damage=20caused=20by=20= the=20use=20of any=20information=20provided,=20including=20any=20kind=20of=20information= =20which=20is incomplete=20or=20incorrect,=20will=20therefore=20be=20rejected.