Vulnerability Development mailing list archives
RE: Windows Command Processor CMD.EXE Buffer Overflow
From: "RockyH" <rocky.he () g-wizinnovations com>
Date: Sun, 22 Oct 2006 00:05:16 +1000
It didn't work on Windows Server 2003 or Windows 2000 either. (fully patched and latest SPs) RH -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Osvaldo Casagrande Sent: Friday, 20 October 2006 9:52 PM To: gregory_panakkal; vuln-dev () securityfocus com Subject: RE: Windows Command Processor CMD.EXE Buffer Overflow It does not works on Windows Vista RC1 (5728) Osvaldo Casagrande MCSE. MCT, MVP, Security+ Gerente de Servicios DiviServ S.A. D: 595(21) 613 828 | Cel. 595 (971) 300 836 | |: ocasagrande () diviserv com | Add me to messenger Busca mis referencias? / Looking for my personal references? Acces to Programa MVP - Access to Certificaciones MS On "Transcript ID" input: 740381 / On "Access Code" input: ViewMyInfo Running Windows Vista RC1- Build 5728 and Office 2007 Beta 2 TR CONFIDENCIALIDAD: La informacion contenida en este mail y sus anexos es confidencial y/o privilegiada y esta reservada para el destinatario unicamente. Si usted no es el destinatario o un agente responsable de enviar este mensaje al destinatario final, se le notifica que: No puede utilizarlo, retransmitirlo, imprimirlo, copiarlo o divulgar las informaciones contenidas en este mail o sus anexos o tomar cualquier accion basada en estas informaciones. Si usted recibe este mensaje por error, por favor avise inmediatamente al remitente, y tenga la amabilidad de borrarlo de su computadora o cualquier otro banco de datos. DIVISERV agradece su cooperacion. This mail message may contain confidential and/or privileged information for the adressee. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, print, retransmit, disclose or take any action based on this message or any information herein. If you have received this message by mistake, please advise the sender immediately replying this message and delete it from your computer and any database. DIVISERV appreciates your cooperation. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of gregory_panakkal Sent: Wednesday, October 18, 2006 11:33 PM To: vuln-dev () securityfocus com Subject: Windows Command Processor CMD.EXE Buffer Overflow Windows Command Processor CMD.EXE Buffer Overflow Tested on WinXP SP2 Impact - Very Low Copy-paste the following line in cmd.exe and execute it.. (it is a single command, has been split into multiple lines for readability sake). %COMSPEC% /K "dir \\?\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA A AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA A AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" (260 characters of 'A's) DEP Comes into the picture. URL : http://www.infogreg.com/security/misc/windows-command-processor-cmd.exe-buff er-overflow.html regards, Gregory Panakkal www.infogreg.com -- gregory_panakkal gregory_panakkal () fastmail fm -- http://www.fastmail.fm - I mean, what is it about a decent email service?
Current thread:
- RE: Windows Command Processor CMD.EXE Buffer Overflow, (continued)
- RE: Windows Command Processor CMD.EXE Buffer Overflow Luis Alberto Cortes Zavala (Oct 21)
- RE: Windows Command Processor CMD.EXE Buffer Overflow Osvaldo Casagrande (Oct 20)
- RE: Windows Command Processor CMD.EXE Buffer Overflow Marvin Simkin (Oct 21)
- RE: Windows Command Processor CMD.EXE Buffer Overflow Marvin Simkin (Oct 21)
- RE: Windows Command Processor CMD.EXE Buffer Overflow gregory_panakkal (Oct 21)
- Re: Windows Command Processor CMD.EXE Buffer Overflow Dan Yefimov (Oct 22)
- RE: Windows Command Processor CMD.EXE Buffer Overflow Luis Alberto Cortes Zavala (Oct 22)
- Re: Windows Command Processor CMD.EXE Buffer Overflow Dan Yefimov (Oct 23)
- Re: Windows Command Processor CMD.EXE Buffer Overflow Danux (Oct 23)
- RE: Windows Command Processor CMD.EXE Buffer Overflow Marvin Simkin (Oct 21)
- RE: Windows Command Processor CMD.EXE Buffer Overflow Marvin Simkin (Oct 23)
- Re: Windows Command Processor CMD.EXE Buffer Overflow Bernardo Wernesback (Oct 23)