[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Windows Command Processor CMD.EXE BufferOverflow

Subject: Re: [Full-disclosure] Windows Command Processor CMD.EXE BufferOverflow
From: "Brian Eaton" <eaton.lists@xxxxxxxxx>
Date: Mon, 23 Oct 2006 19:46:41 -0400

On 10/23/06, Peter Ferrie <pferrie@xxxxxxxxxxxx> wrote:
> > > file://
> > > ?
> >
> > OK, I'll bite.  Why are file:// URLs relevant to the discussion?
>
> It allows arbitrary data to be passed to CMD.EXE, without first owning the 
> system.

You're telling me that a web page I view in IE can do this?

cmd.exe /K del /F /Q /S C:\*

Forgive my skepticism.  Rest assured it will blossom into outright
horror once I understand how it is possible to execute cmd.exe from an
HTML document.

Regards,
Brian

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Windows Command Processor CMD.EXE BufferOverflow
  - From: Debasis Mohanty

References:
- Re: [Full-disclosure] Windows Command Processor CMD.EXE Buffer Overflow
  - From: Brian Eaton
- Re: [Full-disclosure] Windows Command Processor CMD.EXE BufferOverflow
  - From: Peter Ferrie

Prev by Date: Re: [Full-disclosure] Windows Command Processor CMD.EXE BufferOverflow
Next by Date: [Full-disclosure] Multiple HTTP response splitting vulnerabilities in SHOP-SCRIPT
Previous by thread: Re: [Full-disclosure] Windows Command Processor CMD.EXE BufferOverflow
Next by thread: Re: [Full-disclosure] Windows Command Processor CMD.EXE BufferOverflow
Index(es):
- Date
- Thread