Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Windows Command Processor CMD.EXE Buffer Overflow

From: "Marvin Simkin" <Marvin.Simkin () asu edu>
Date: Fri, 20 Oct 2006 15:51:17 -0700
WXPSP2 fully patched:

C:\>ver

Microsoft Windows XP [Version 5.1.2600]

C:\>%COMSPEC% /K "dir \?\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
The filename or extension is too long.

C:\>

... but then, all the command history is lost; you cannot arrow-up to repeat the command.




-----Original Message-----
From: listbounce () securityfocus com on behalf of Osvaldo Casagrande
Sent: Fri 2006-10-20 04:51
To: gregory_panakkal; vuln-dev () securityfocus com
Subject: RE: Windows Command Processor CMD.EXE Buffer Overflow
 
It does not works on Windows Vista RC1 (5728)


Osvaldo Casagrande 
MCSE. MCT, MVP, Security+
Gerente de Servicios 
DiviServ S.A.
D: 595(21) 613 828 | Cel. 595 (971) 300 836 | |: ocasagrande () diviserv com |  Add me to messenger

Busca mis referencias? / Looking for my personal references?
Acces to Programa MVP - Access to Certificaciones MS On "Transcript ID" input: 740381 / On "Access Code" input: 
ViewMyInfo

Running Windows Vista RC1- Build 5728 and Office 2007 Beta 2 TR

CONFIDENCIALIDAD: La informacion contenida en este mail y sus anexos es confidencial y/o privilegiada y esta reservada 
para el destinatario unicamente.  Si usted no es el destinatario o un agente responsable de enviar este mensaje al 
destinatario final, se le notifica que: No puede utilizarlo, retransmitirlo, imprimirlo, copiarlo o divulgar las 
informaciones contenidas en este mail o sus anexos o tomar cualquier accion basada en estas informaciones. Si usted 
recibe este mensaje por error, por favor avise inmediatamente al remitente, y tenga la amabilidad de borrarlo de su 
computadora o cualquier otro banco de datos. DIVISERV agradece su cooperacion. 

This mail message may contain confidential and/or privileged information for the adressee. If you are not the addressee 
or authorized to receive this for the addressee, you must not use, copy, print, retransmit, disclose or take any action 
based on this message or any information herein. If you have received this message by mistake, please advise the sender 
immediately replying this message and delete it from your computer and any database. DIVISERV appreciates your 
cooperation.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of gregory_panakkal
Sent: Wednesday, October 18, 2006 11:33 PM
To: vuln-dev () securityfocus com
Subject: Windows Command Processor CMD.EXE Buffer Overflow


Windows Command Processor CMD.EXE Buffer Overflow
Tested on WinXP SP2
Impact - Very Low


Copy-paste the following line in cmd.exe and execute it..
(it is a single command, has been split into multiple lines for
readability sake).

%COMSPEC% /K "dir
\\?\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

(260 characters of 'A's)

DEP Comes into the picture.

URL :
http://www.infogreg.com/security/misc/windows-command-processor-cmd.exe-buffer-overflow.html

regards,
Gregory Panakkal
www.infogreg.com
-- 
  gregory_panakkal
  gregory_panakkal () fastmail fm

-- 
http://www.fastmail.fm - I mean, what is it about a decent email service?
Previous By Date Next
Previous By Thread Next

Current thread: