Full Disclosure mailing list archives

Re: Windows Command Processor CMD.EXE Buffer Overflow

From: "Brian Eaton" <eaton.lists () gmail com>
Date: Mon, 23 Oct 2006 12:54:29 -0400

On 10/23/06, offset () galvanet com <offset () galvanet com> wrote:

This works on Windows SP2 : The system doesn't reply "The filename or extension is too long."
but cmd crash.


Is there a reason that a buffer overflow in cmd.exe matters?

If the attacker is sending arbitrary input to cmd.exe, haven't they
owned the box anyway?

Regards,
Brian

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Windows Command Processor CMD.EXE Buffer Overflow offset (Oct 23)
- Re: Windows Command Processor CMD.EXE Buffer Overflow Brian Eaton (Oct 23)
  - Re: Windows Command Processor CMD.EXE Buffer Overflow Thierry Zoller (Oct 23)
    - Re: Windows Command Processor CMD.EXE Buffer Overflow Brian Eaton (Oct 23)
    - Re: Windows Command Processor CMD.EXE BufferOverflow Peter Ferrie (Oct 23)
    - Re: Windows Command Processor CMD.EXE BufferOverflow Matthew Flaschen (Oct 23)
    - Re: Windows Command Processor CMD.EXE BufferOverflow Brian Eaton (Oct 23)
    - Re: Windows Command Processor CMD.EXE BufferOverflow Debasis Mohanty (Oct 23)
    - Message not available
    - Fwd: Windows Command Processor CMD.EXE BufferOverflow Mark Senior (Oct 24)
    - Re: Windows Command Processor CMD.EXEBufferOverflow Dave "No, not that one" Korn (Oct 25)
  - Re: Windows Command Processor CMD.EXE Buffer Overflow Nick FitzGerald (Oct 23)