[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] Windows XP cmd.exe crash
- To: "full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: [Full-disclosure] Windows XP cmd.exe crash
- From: Pedro Laguna <pedlagdur@xxxxxxxxxxxxx>
- Date: Fri, 28 Jun 2013 14:17:43 +0100
Ey list! Just something quick and funny crash I found long time ago and it may
give some of you something to check this weekend.
Windows XP cmd.exe crash when trying to copy files with a very long name. The
following BATCH file can crash the cmd.exe process:
----------------------------------- crash.bat
--------------------------------------@echo offecho test > data.txtcopy
"%CD%"\data.txt
\\.\C:\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.txtREM
copy "%CD%"\data.txt
\\?\C:\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.txt----------------------------------
/ crash.bat ----------------------------------------
It only happens with "copy" but not with "move" command and with both \\.\ and
\\?\ prefixes. I'm not an expert on these fields so I don't know if it will be
possible to exploit it, maybe some of you with crazy kung fu skills can do it.
If not, it's just a weird behaviour for the cmd.exe and given that is less than
a year to the end of life of the Windows XP cannot see any harm sharing it.
Ta!
--
Pedro Laguna
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/