Full Disclosure mailing list archives
Re: Windows Command Processor CMD.EXEBufferOverflow
From: "Dave \"No, not that one\" Korn" <davek_throwaway () hotmail com>
Date: Wed, 25 Oct 2006 14:09:14 +0100
Peter Ferrie wrote:
file:// ?OK, I'll bite. Why are file:// URLs relevant to the discussion?It allows arbitrary data to be passed to CMD.EXE, without first owning the system.
No it doesn't. It passes arbitrary data to the windows gui shell exec
function. It doesn't invoke cmd.exe. Unless you have an actual working
example?
cheers,
DaveK
--
Can't think of a witty .sigline today....
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Windows Command Processor CMD.EXE Buffer Overflow offset (Oct 23)
- Re: Windows Command Processor CMD.EXE Buffer Overflow Brian Eaton (Oct 23)
- Re: Windows Command Processor CMD.EXE Buffer Overflow Thierry Zoller (Oct 23)
- Re: Windows Command Processor CMD.EXE Buffer Overflow Brian Eaton (Oct 23)
- Re: Windows Command Processor CMD.EXE BufferOverflow Peter Ferrie (Oct 23)
- Re: Windows Command Processor CMD.EXE BufferOverflow Matthew Flaschen (Oct 23)
- Re: Windows Command Processor CMD.EXE BufferOverflow Brian Eaton (Oct 23)
- Re: Windows Command Processor CMD.EXE BufferOverflow Debasis Mohanty (Oct 23)
- Message not available
- Fwd: Windows Command Processor CMD.EXE BufferOverflow Mark Senior (Oct 24)
- Re: Windows Command Processor CMD.EXE Buffer Overflow Thierry Zoller (Oct 23)
- Re: Windows Command Processor CMD.EXE Buffer Overflow Brian Eaton (Oct 23)
- Re: Windows Command Processor CMD.EXEBufferOverflow Dave "No, not that one" Korn (Oct 25)