Full Disclosure mailing list archives
Re: Windows Command Processor CMD.EXE BufferOverflow
From: Matthew Flaschen <matthew.flaschen () gatech edu>
Date: Mon, 23 Oct 2006 18:24:40 -0400
Aren't cross-zone urls disallowed by default, though? Matt Flaschen Peter Ferrie wrote:
file:// ?OK, I'll bite. Why are file:// URLs relevant to the discussion?It allows arbitrary data to be passed to CMD.EXE, without first owning the system. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Windows Command Processor CMD.EXE Buffer Overflow offset (Oct 23)
- Re: Windows Command Processor CMD.EXE Buffer Overflow Brian Eaton (Oct 23)
- Re: Windows Command Processor CMD.EXE Buffer Overflow Thierry Zoller (Oct 23)
- Re: Windows Command Processor CMD.EXE Buffer Overflow Brian Eaton (Oct 23)
- Re: Windows Command Processor CMD.EXE BufferOverflow Peter Ferrie (Oct 23)
- Re: Windows Command Processor CMD.EXE BufferOverflow Matthew Flaschen (Oct 23)
- Re: Windows Command Processor CMD.EXE BufferOverflow Brian Eaton (Oct 23)
- Re: Windows Command Processor CMD.EXE BufferOverflow Debasis Mohanty (Oct 23)
- Message not available
- Fwd: Windows Command Processor CMD.EXE BufferOverflow Mark Senior (Oct 24)
- Re: Windows Command Processor CMD.EXE Buffer Overflow Thierry Zoller (Oct 23)
- Re: Windows Command Processor CMD.EXE Buffer Overflow Brian Eaton (Oct 23)
- Re: Windows Command Processor CMD.EXEBufferOverflow Dave "No, not that one" Korn (Oct 25)