Full Disclosure mailing list archives
Re: Windows Command Processor CMD.EXE Buffer Overflow
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Tue, 24 Oct 2006 10:44:23 +1300
Brian Eaton wrote:
Is there a reason that a buffer overflow in cmd.exe matters? If the attacker is sending arbitrary input to cmd.exe, haven't they owned the box anyway?
Without trying to test anything, it just may be exploitable via a "shortcut" file or a Packager "package", either embedded or in the form of a standalone (.SHS or similar) file. If so, that potentially opens up a few "assisted remote" (i.e. the user has to double-click an attachment, click a URL link, etc) exploit options... Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Windows Command Processor CMD.EXE Buffer Overflow offset (Oct 23)
- Re: Windows Command Processor CMD.EXE Buffer Overflow Brian Eaton (Oct 23)
- Re: Windows Command Processor CMD.EXE Buffer Overflow Thierry Zoller (Oct 23)
- Re: Windows Command Processor CMD.EXE Buffer Overflow Brian Eaton (Oct 23)
- Re: Windows Command Processor CMD.EXE BufferOverflow Peter Ferrie (Oct 23)
- Re: Windows Command Processor CMD.EXE BufferOverflow Matthew Flaschen (Oct 23)
- Re: Windows Command Processor CMD.EXE BufferOverflow Brian Eaton (Oct 23)
- Re: Windows Command Processor CMD.EXE BufferOverflow Debasis Mohanty (Oct 23)
- Message not available
- Fwd: Windows Command Processor CMD.EXE BufferOverflow Mark Senior (Oct 24)
- Re: Windows Command Processor CMD.EXE Buffer Overflow Thierry Zoller (Oct 23)
- Re: Windows Command Processor CMD.EXE Buffer Overflow Brian Eaton (Oct 23)
- Re: Windows Command Processor CMD.EXEBufferOverflow Dave "No, not that one" Korn (Oct 25)