[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Windows Command Processor CMD.EXE Buffer Overflow

To: full-disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Windows Command Processor CMD.EXE Buffer Overflow
From: "Brian Eaton" <eaton.lists@xxxxxxxxx>
Date: Mon, 23 Oct 2006 12:54:29 -0400

On 10/23/06, offset@xxxxxxxxxxxx <offset@xxxxxxxxxxxx> wrote:
> This works on Windows SP2 : The system doesn't reply "The filename or 
> extension is too long."
> but cmd crash.

Is there a reason that a buffer overflow in cmd.exe matters?

If the attacker is sending arbitrary input to cmd.exe, haven't they
owned the box anyway?

Regards,
Brian

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Windows Command Processor CMD.EXE Buffer Overflow
  - From: Thierry Zoller
- Re: [Full-disclosure] Windows Command Processor CMD.EXE Buffer Overflow
  - From: Nick FitzGerald

References:
- Re: [Full-disclosure] Windows Command Processor CMD.EXE Buffer Overflow
  - From: offset

Prev by Date: Re: [Full-disclosure] Plague re-visited
Next by Date: [Full-disclosure] [SECURITY] [DSA 1198-1] New python2.3 packages fix arbitrary code execution
Previous by thread: Re: [Full-disclosure] Windows Command Processor CMD.EXE Buffer Overflow
Next by thread: Re: [Full-disclosure] Windows Command Processor CMD.EXE Buffer Overflow
Index(es):
- Date
- Thread