Rapid window title changes cause ‘white screen of death’

Eviatar Gerzi, a security researcher at CyberArk, has tried out various potential abuse pathways based on an old 2003 advisory on code execution via window title modifications and discovered a way to induce rapid window title changes on PuTTY. This atypical attack caused the test machine to enter a state known as the "White Screen of Death", where everything freezes except for the mouse cursor.
The abused function is 'SetWindowText,' which allows changing the text of the specified window's title bar.
In one of the cases, I tested the MobaXterm terminal, and I was surprised that it didn't use the SetWindowText function to change the window title but, rather, a function named GdipDrawString.
He created an HTML file that would cause the title to change rapidly in an infinite loop, forcing the browser to freeze.
When trying the browser attack inside a virtual machine, a resource depletion issue occurred, causing the virtualized system to display a 'Blue Screen of Death.'
An attacker would not be able to trigger any additional vulnerable conditions or retrieve information that would be beneficial in other attacks on the system.