Full Disclosure mailing list archives
Re: Windows Command Processor CMD.EXE BufferOverflow
From: "Brian Eaton" <eaton.lists () gmail com>
Date: Mon, 23 Oct 2006 19:46:41 -0400
On 10/23/06, Peter Ferrie <pferrie () symantec com> wrote:
file:// ?OK, I'll bite. Why are file:// URLs relevant to the discussion?It allows arbitrary data to be passed to CMD.EXE, without first owning the system.
You're telling me that a web page I view in IE can do this? cmd.exe /K del /F /Q /S C:\* Forgive my skepticism. Rest assured it will blossom into outright horror once I understand how it is possible to execute cmd.exe from an HTML document. Regards, Brian _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Windows Command Processor CMD.EXE Buffer Overflow offset (Oct 23)
- Re: Windows Command Processor CMD.EXE Buffer Overflow Brian Eaton (Oct 23)
- Re: Windows Command Processor CMD.EXE Buffer Overflow Thierry Zoller (Oct 23)
- Re: Windows Command Processor CMD.EXE Buffer Overflow Brian Eaton (Oct 23)
- Re: Windows Command Processor CMD.EXE BufferOverflow Peter Ferrie (Oct 23)
- Re: Windows Command Processor CMD.EXE BufferOverflow Matthew Flaschen (Oct 23)
- Re: Windows Command Processor CMD.EXE BufferOverflow Brian Eaton (Oct 23)
- Re: Windows Command Processor CMD.EXE BufferOverflow Debasis Mohanty (Oct 23)
- Message not available
- Fwd: Windows Command Processor CMD.EXE BufferOverflow Mark Senior (Oct 24)
- Re: Windows Command Processor CMD.EXE Buffer Overflow Thierry Zoller (Oct 23)
- Re: Windows Command Processor CMD.EXE Buffer Overflow Brian Eaton (Oct 23)
- Re: Windows Command Processor CMD.EXEBufferOverflow Dave "No, not that one" Korn (Oct 25)