M
My Display Name
i have found a program that will cause all explorer windows (desktop,
taskbar, start menu, Alt+Tab) to become graphically
corrupt. The problem only happens with "Aero" enabled, and you're running in
non-96 dpi.
It's impressive that a glorified text editor program, running as a standard
user, can corrupt Explorer. Obviously the program is doing something bad -
but it should not be able to lead to a denial of service against my computer.
If you're malicious, feel free to see what the app is doing, and reproduce it.
Screenshots:
http://hereford.homeip.net/Pictures/Vista - graphical corruption high dpi.png
http://hereford.homeip.net/Pictures/Vista - graphical corruption high dpi
2.png
http://hereford.homeip.net/Pictures/Vista - Graphical corruption high dpi
4.png
Steps to Reproduce the Problem
1. Enable Windows Desktop Composition (Aero)
2. Change system to a dpi setting other than 96 dpi (e.g. 108dpi, 120dpi),
and reboot for the changes to take effect
3. Run the problematic software (Action Outline 1.6 -
http://hereford.homeip.net/actionoutline.rar)
4. Wait 30 minutes.
i've had colleagues reproduce the problem on their own home machines.
Now that there is a reproducable way to corrupt the shell, i'm sure the guy
that wrote the non-managed version of WPF for the shell would like to see it
(since it only happens with desktop composition turned on). They might want
to see how a process running as standard user is able to corrupt another
process.
Since it doesn't require administrative rights in order to perform this
corruption you should be able to exploit this bug somehow.
taskbar, start menu, Alt+Tab) to become graphically
corrupt. The problem only happens with "Aero" enabled, and you're running in
non-96 dpi.
It's impressive that a glorified text editor program, running as a standard
user, can corrupt Explorer. Obviously the program is doing something bad -
but it should not be able to lead to a denial of service against my computer.
If you're malicious, feel free to see what the app is doing, and reproduce it.
Screenshots:
http://hereford.homeip.net/Pictures/Vista - graphical corruption high dpi.png
http://hereford.homeip.net/Pictures/Vista - graphical corruption high dpi
2.png
http://hereford.homeip.net/Pictures/Vista - Graphical corruption high dpi
4.png
Steps to Reproduce the Problem
1. Enable Windows Desktop Composition (Aero)
2. Change system to a dpi setting other than 96 dpi (e.g. 108dpi, 120dpi),
and reboot for the changes to take effect
3. Run the problematic software (Action Outline 1.6 -
http://hereford.homeip.net/actionoutline.rar)
4. Wait 30 minutes.
i've had colleagues reproduce the problem on their own home machines.
Now that there is a reproducable way to corrupt the shell, i'm sure the guy
that wrote the non-managed version of WPF for the shell would like to see it
(since it only happens with desktop composition turned on). They might want
to see how a process running as standard user is able to corrupt another
process.
Since it doesn't require administrative rights in order to perform this
corruption you should be able to exploit this bug somehow.