Vulnerability Development mailing list archives

Re: Windows Command Processor CMD.EXE Buffer Overflow

From: Danux <danuxx () gmail com>
Date: Sun, 22 Oct 2006 17:24:42 -0500

It doesnt work on Windows 2003 without patches but hardened!!!

E:\Documents and Settings\danux>%COMSPEC% /K "dir \\?\AAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

E:\Documents and Settings\danux>

Nothing happens!!!!

--
Danux, CISSP
Chief Information Security Officer
Macula Security Consulting Group
www.macula-group.com

Current thread:

Windows Command Processor CMD.EXE Buffer Overflow gregory_panakkal (Oct 19)
- Re: Windows Command Processor CMD.EXE Buffer Overflow The SNiFF (Oct 20)
  - RE: Windows Command Processor CMD.EXE Buffer Overflow Luis Alberto Cortes Zavala (Oct 21)
- RE: Windows Command Processor CMD.EXE Buffer Overflow Osvaldo Casagrande (Oct 20)
  - RE: Windows Command Processor CMD.EXE Buffer Overflow Marvin Simkin (Oct 21)
    - RE: Windows Command Processor CMD.EXE Buffer Overflow Marvin Simkin (Oct 21)
    - RE: Windows Command Processor CMD.EXE Buffer Overflow gregory_panakkal (Oct 21)
    - Re: Windows Command Processor CMD.EXE Buffer Overflow Dan Yefimov (Oct 22)
    - RE: Windows Command Processor CMD.EXE Buffer Overflow Luis Alberto Cortes Zavala (Oct 22)
    - Re: Windows Command Processor CMD.EXE Buffer Overflow Dan Yefimov (Oct 23)
    - Re: Windows Command Processor CMD.EXE Buffer Overflow Danux (Oct 23)
    - RE: Windows Command Processor CMD.EXE Buffer Overflow Marvin Simkin (Oct 23)
  - RE: Windows Command Processor CMD.EXE Buffer Overflow RockyH (Oct 21)
- Message not available
  - Re: Windows Command Processor CMD.EXE Buffer Overflow Bernardo Wernesback (Oct 23)
- <Possible follow-ups>
- Re: Re: Windows Command Processor CMD.EXE Buffer Overflow mr . dan . friedman (Oct 24)