Full Disclosure mailing list archives
Re: Windows Command Processor CMD.EXE Buffer Overflow
From: "Brian Eaton" <eaton.lists () gmail com>
Date: Mon, 23 Oct 2006 12:54:29 -0400
On 10/23/06, offset () galvanet com <offset () galvanet com> wrote:
This works on Windows SP2 : The system doesn't reply "The filename or extension is too long." but cmd crash.
Is there a reason that a buffer overflow in cmd.exe matters? If the attacker is sending arbitrary input to cmd.exe, haven't they owned the box anyway? Regards, Brian _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Windows Command Processor CMD.EXE Buffer Overflow offset (Oct 23)
- Re: Windows Command Processor CMD.EXE Buffer Overflow Brian Eaton (Oct 23)
- Re: Windows Command Processor CMD.EXE Buffer Overflow Thierry Zoller (Oct 23)
- Re: Windows Command Processor CMD.EXE Buffer Overflow Brian Eaton (Oct 23)
- Re: Windows Command Processor CMD.EXE BufferOverflow Peter Ferrie (Oct 23)
- Re: Windows Command Processor CMD.EXE BufferOverflow Matthew Flaschen (Oct 23)
- Re: Windows Command Processor CMD.EXE BufferOverflow Brian Eaton (Oct 23)
- Re: Windows Command Processor CMD.EXE BufferOverflow Debasis Mohanty (Oct 23)
- Message not available
- Fwd: Windows Command Processor CMD.EXE BufferOverflow Mark Senior (Oct 24)
- Re: Windows Command Processor CMD.EXE Buffer Overflow Thierry Zoller (Oct 23)
- Re: Windows Command Processor CMD.EXE Buffer Overflow Brian Eaton (Oct 23)
- Re: Windows Command Processor CMD.EXEBufferOverflow Dave "No, not that one" Korn (Oct 25)