Vulnerability Development mailing list archives

Re: cipher.exe overflow

From: "K. K. Mookhey" <cto () nii co in>
Date: Wed, 23 Apr 2003 11:05:39 +0530

Hi Moran,
Windows 2000 is full of local buffer overflows. We too reported a couple to MS, and then stopped looking. There was a 
discussion some time back on Nslookup having a local BO. I think the thread is here:
http://www.securityfocus.com/archive/82/315781

K. K. Mookhey
CTO,
Network Intelligence India Pvt. Ltd.
Web: www.nii.co.in
=================================
Security Auditing Software - AuditPro
http://www.nii.co.in/products.html
=================================


there is a problem with cipher.exe.
overflow occurs when you add string of more than 256 chars.
example:
c:\> cipher.exe  <A * 257>

program will crash.

Current thread:

cipher.exe overflow moran zavdi (Apr 22)
- Re: cipher.exe overflow K. K. Mookhey (Apr 23)
- <Possible follow-ups>
- Re: cipher.exe overflow moran zavdi (Apr 24)
  - Re: cipher.exe overflow (runas.exe) wirepair (Apr 28)